The summit between President Joe Biden and President Vladimir Putin of Russia may signal a legitimate first step to lower the tension between the countries after the U.S. endured a series of ransomware and nation-state attacks that threatened key industries, cybersecurity analysts and private sector officials said.
"It is incredibly beneficial to have the president of the United States stand on the world stage and make clear that ransomware attacks and cyberattacks targeting critical infrastructure are a priority," Allie Mellen, analyst at Forrester Research, said via email.
Biden, at his Geneva press conference, said he warned Putin the U.S. could unleash some of its cyber arsenal against Russia if additional attacks were traced back to his country.
The Biden administration plans to engage in coordinated discussions with Russia to crack down on criminal activity that industry experts say has been tolerated in the country for years and has been linked to major attacks against critical infrastructure in the U.S. and other Western allies.
Following the supply chain attack on SolarWinds, the U.S. had endured a wave of malicious activity that culminated in the May ransomware attack on Colonial Pipeline and a subsequent attack on JBS USA, which threatened to halt production at the nation’s largest meat supplier.
The diplomatic effort was a "step in the right direction" to help deter nation-state attacks against companies as well as attempts to disrupt government, Mellen said, but the discussions would do little to deter nation-state activity aimed at cyber espionage. A sit down falls short against preventing malign activity from criminal cyber gangs.
"Based on historical precedent, the United States will likely need more than deterrence conversations, but true accountability for the Russian government to step in and stop cybercriminals within their borders," Mellen said. "That said, the response to recent ransomware attacks by the U.S. government more broadly will cause cybercriminals to question whether critical infrastructure providers are appropriate targets. Ultimately, they want to make money, not start an international conflict."
The Biden administration took executive action last month to tighten up supply chain security, boost intelligence sharing between the private and public sector and raise software security standards to protect companies against falling victim to unsuspected third-party vendor risk.
A growing number of U.S. companies have urged the Biden administration to work with the private sector to share intelligence and encourage information sharing with other private sector officials. During his congressional testimony, Colonial Pipeline CEO Joseph Blount said the government needed to send a message to foreign adversaries that they would pay a higher price for such activity.
While a wave of recent ransomware attacks have not been tied directly to Russia, administration officials and cybersecurity experts say foreign governments have in many cases provided safe haven to criminal gangs that have openly operated without fear of sanction. Colonial Pipeline, which suffered an attack that shut down a 5,500 mile fuel pipeline between Houston and New Jersey, was attributed to the DarkSide ransomware gang, an organization that experts say was tolerated for months by Russian officials.
"Colonial Pipeline is grateful for the support we received from the Biden administration throughout our incident and applaud their ongoing efforts to hold criminal ransomware groups — and any governments that harbor them — accountable," a spokesperson for the company said via email. "We are encouraged by the seriousness with which federal authorities are taking this threat to American companies and our nation’s critical infrastructure."
Biden said he provided a list of 16 U.S. critical infrastructure sectors that the country considered to be off limits to malign activity. He warned Putin the U.S. was ready to respond with its own arsenal of offensive capabilities if further attacks are traced back to Russia.
"I pointed out to him that we have significant cyber capability," Biden said at the press conference Wednesday. "And he knows it. He doesn’t know exactly what it is, but it’s significant. And if, in fact, they violate these basic norms, we will respond with cyber. He knows."
Correction: The story has been updated to correct a typo in a quote from Forrester's Allie Mellen.