Russia’s failure so far to stop criminal actors inside its country from conducting ransomware attacks against targets in the U.S. despite a warning from President Biden over the summer to knock it off or face consequences is troubling some Democrats in the House.
“It seems to me that Russia has broken its promise to the United States,” Rep. Ritchie Torres (D-N.Y.), vice chairman of the House Homeland Security Committee, said on Wednesday.
The committee’s panels that oversee cybersecurity and intelligence at the Department of Homeland Security hosted a joint hearing on the DHS role in the U.S. government’s fight against ransomware, which is frequently committed from inside countries such as Russia whose governments don’t work to stop it.
Rep. Elissa Slotkin (D-Mich.), chairwoman of the Intelligence and Counterterrorism Subcommittee, said that “If the United States knew that criminal actors were emanating from our soil and attacking another country, we would act, and I don’t see any evidence that Russia is actually helping us on this score.”
In a June meeting with Russian President Vladimir Putin, Biden said that 16 U.S. critical infrastructures are off limits, pointing out that the U.S. has significant cyber capabilities that will be used if Russia continues to violate norms of behavior. Biden said the U.S. would know within six months to a year if Putin is taking positive actions.
So far, it appears that Russia is not.
Torres asked a panel of DHS witnesses if Russian criminal organizations continue to be active in ransomware attacks.
Jeremy Sheridan, assistant director of investigations for the U.S. Secret Service, answered that, “We have a list of countries that have a more tolerant, or offer safe harbor, in some cases offer outright support to cyber criminals. Russia is one of those countries. So, if your question is, ‘does Russia tolerate this?’ As a general answer, the answer is yes.”
Asked by Torres if these Russian organizations “remain active,” Sheridan replied, “Yes sir.”
Ransomware attacks have been increasing for several years, hitting everything from schools, hospitals and local governments to businesses big and small.
Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, told the panel that based on current reporting to the federal government, there has been no change in the past five months in the amount of ransomware attacks against the U.S. from actors inside various countries.
Torres also said that by telling Russia that the 16 U.S. critical infrastructure areas are off limits, “The implication is we will tolerate Russia’s safe harbor for Ransomware attacks on individuals and institutions outside” these areas.
Slotkin also asked about behavioral changes coming from Russia in response to Biden’s notice to Putin.
Robert Silvers, under secretary for strategy, policy and plans at DHS, said there isn’t enough data yet to determine whether the trends in ransomware attacks coming from Russia have turned positive. He said congressional passage of cyber incident reporting legislation mandating that private sector entities report attacks on their networks to the federal government will fill the data gap.
The congresswoman also asked about the metrics that DHS will use to determine whether Russia is clamping down on ransomware actors. Silvers said metrics will include the number of attacks.
“I would expect that one year out from that summit we will be back here having that conversation with metrics to basically assess what has happened in the year since,” she said.
Rep. Tom Malinowski (D-N.J.) lauded the work the Biden administration has done recently in attacking the networks that help facilitate ransomware, including sanctions against cryptocurrency exchanges in Russia, the seizure of cryptocurrency ransoms paid by victims, and indictments of ransomware actors. However, he said, “obviously Putin can shut these operations down in a day if he wanted to. We need to take offense too.”