The US National Cybersecurity Strategy, launched in March 2023, significantly changes the government’s vision regarding the fight against cyber threats and has encouraged the US to work internationally with allied countries.
Andy Williams, CEO of Global Transatlantic Ltd and co-founder of the Transatlantic Cybersecurity Business Network (TCBN), outlined key takeaways from the plan during CRESTCon Europe, in London on May 18, 2023.
He mentioned that, to realize this vision, the US government acknowledged the need to make two fundamental shifts in how it allocates roles, responsibilities and resources in cyberspace:
- Moving the burden of cybersecurity away from individuals, small businesses and local governments and onto organizations that specialize in fighting cyber incidents
- Realigning incentives to favor long-term investments in cybersecurity
With these two new objectives in mind, he said, the US government has also realized it needs to engage in international initiatives.
“In the strategy document, for the first time, there is a genuine intent to become more collaborative internationally with allies,” Williams told Infosecurity.
Counter Ransomware Initiative
The best example of that is the Counter Ransomware Initiative (CRI), a multinational law enforcement endeavor launched in November 2022 in 36 countries, including the Five Eyes (US, UK, Canada, Australia, New Zealand) and the 27 EU member-states, as well as Brazil, Nigeria, South Africa, South Korea, Singapore and the United Arab Emirates.
The CRI members have already agreed on multiple initiatives, including:
- The International Counter Ransomware Task Force (ICRTF) to be led by Australia
- A number of other task forces, including one dedicated to the fight against financial cyber-crime, to be led by the UK and Singapore
- A shared investigation toolkit with techniques, tactics and procedures (TTPs) as well as trends from the cyber threat landscape
- Joint advisories
- A capacity-building tool to help countries utilize public-private partnerships to combat ransomware
- Bi-annual counter-ransomware exercises
Williams said he found it particularly interesting to see countries like Australia and Singapore leading task forces within a US-backed initiative. “In the past, the US, or else the UK, would probably have been responsible,” he added.
Take-Down of Hive Ransomware Group
The co-founder of TCBN believes that, from a US perspective, the decision to engage with such an international initiative was partly due to new people being appointed as senior leaders of the cybersecurity community in the government.
“Joe Biden hinted at the fact that his administration would be launching wider initiatives like the CRI in his May 2021 Executive Order on Improving the Nation’s Cybersecurity, even though what they would be was not specifically mentioned,” Williams argued.
It seems to have already paid off. “While not fully formalized at that time, the launch of the CRI certainly played a part in the January 2023 take-down of the Hive ransomware group by US law enforcement,” Williams claimed.
Other initiatives, such as the post-quantum competition from the US National Institute of Standards and Technology (NIST), which is open to all applicants across the world, and Digital Security by Design (DSbD), a public-private initiative that received US and UK funding, show that the US government is increasingly trying to look beyond its borders when it comes to cyberspace.