There was the Colonial Pipeline hacking, perpetrated by the Russian-speaking hacking group DarkSide, which left thousands of Americans without gas and prevented many from accessing food or medicine. Then came the attack on JBS, the world’s largest meat supplier, which shut down multiple processing plants and was perpetrated by Russian cybercriminal group REvil.
And then, REvil hacked Kaseya, a U.S.-based software company, which affected 800 to 1,500 businesses. One of these businesses, Coop, a Swedish grocer, will take weeks to recover after the hacking shut down 800 of its physical storefronts. Coop paid $70 million to appease the criminals. The ripples also affected Leonardtown, Maryland, as city administrators lost all access to their systems.
How has President Joe Biden addressed the problem? After the Colonial Pipeline attack, he declared an executive order, calling for collaboration between the public and private sectors to iron out digital defense issues — and we learned the hard way that it will take more than that to deal with this crisis. Then, Biden addressed the issue at a summit with Vladimir Putin. And the attacks have continued.
Most recently, Biden called Putin and “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.” When asked at a press conference if there would be consequences, Biden responded, “Yes.”
We needed to set some clear boundaries — some definite consequences that would get Putin’s attention — and, from what little we know, it looks like we might have succeeded in that. Once Biden called out Putin on the issue one-on-one, hacking giant REvil disappeared. Hacking collectives have an agenda. The cybersecurity company Cybereason reports that the ransomware these hackers are installing first scans a computer’s installed languages for Russian, Ukrainian, Syrian Arabic and others that are native to Russian-allied countries. If the computer has one installed, the ransomware stops dead in its tracks.
In mid-June, cybersecurity became a principal topic of the summit between Biden and Putin. In a news conference, Biden said that he gave a list to Putin listing “16 specific entities; 16 defined as critical infrastructure under U.S. policy” which are “off-limits to attack.” He followed this comment saying, “Responsible countries need to take action against criminals who conduct ransomware activities on their territory.”
We would add that responsible countries also should take firm action when their citizens are endangered. We remember Biden saying in February, “I made it clear to President Putin, in a manner very different from my predecessor, that the days of the United States rolling over in the face of Russia’s aggressive actions — interfering with our elections, cyberattacks, poisoning its citizens — are over.”
This editorial first appeared in the Pittsburgh Post-Gazette last Friday. This commentary should be considered another point of view and not necessarily the opinion or editorial policy of The Dominion Post.