The federal government should launch a new “Joint Ransomware Task Force” while industry partners stand up an “informal Ransomware Threat Focus Hub” as part of an effort to formalize a collaborative process in the face of rising threats from cyber criminals, according to a new report from the Institute for Security and Technology.
IST’s Ransomware Task Force today released “Combating Ransomware: A Comprehensive Framework for Action,” including a proposed framework for a public-private “operational” campaign, as well as recommendations in areas like cyber insurance.
Homeland Security Secretary Alejandro Mayorkas will deliver a keynote at an event to unveil the report.
The group’s co-chairs will also be on hand, including John Davis of Palo Alto Networks; Megan Stifel of the Global Cyber Alliance; Kemba Walden of the Microsoft Digital Crimes Unit; Michael Phillips of Resilience Insurance; Jen Ellis of Rapid7; and former State Department cyber leader Chris Painter, now president of the Global Forum on Cyber Expertise Foundation Board.
Among the key recommendations, the task force calls on policymakers to:
- Establish an international coalition to combat ransomware criminals, and a global network of investigation hubs
- Make ransomware a priority within the U.S. intelligence community and designate it a national security threat
- Establish a U.S. government Joint Ransomware Task Force to collaborate with the private sector
- Conduct a sustained, aggressive, public-private anti-ransomware campaign
- Exert pressure on nations that are complicit or refuse to take action
- Incentivize voluntary information sharing between cryptocurrency entities and law enforcement
- Update cyber hygiene regulations and standards
- Require local governments and MSPs to adopt limited baseline security measures
- Require organizations to review alternatives before making payments
DHS at the end of March launched a 60-day sprint focused on ransomware. Mayorkas, in unveiling the initiative, said: “In the coming weeks, the Department will step up our efforts to tackle ransomware on both ends of the equation. With respect to preventing ransomware incidents, we will take action to minimize the risk of becoming a victim in the first place. We will launch an awareness campaign and engage with industry and key partners, like insurance companies. With respect to responding to ransomware attacks, we will strengthen our capabilities to disrupt those who launch them and the marketplaces that enable them.” – Charlie Mitchell (email@example.com)