NATO Endorses Cybersecurity Defense PolicyAgreement Comes in Advance of Biden Meeting With Putin on Wednesday
The U.S. and its NATO allies endorsed a new cybersecurity defense policy during President Joe Biden's visit this week with member states in Brussels, according to the official summit communique.
See Also: Global Ransomware Threat Report H1 2022
NATO members agreed that the organization's Article 5 provision - which states that an attack on one member nation is an attack on all - could now be applied to cyberthreats. But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes.
Article 5 has only been invoked once by NATO - following the Sept. 11, 2001, terrorist attacks on the U.S.
In endorsing this new cybersecurity defense policy, NATO noted that ransomware attacks and other threats to critical infrastructure in the U.S. and across Europe can cause significant harm to member states and that new actions are needed to address these and other issues.
"Reaffirming NATO's defensive mandate, the alliance is determined to employ the full range of capabilities at all times to actively deter, defend against and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law," the communique states. "We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis."
The NATO cyber defense policy came as President Biden prepares to meet Russian President Vladimir Putin in Geneva on Wednesday. The two leaders are expected to discuss national security and economic issues, including a series of ransomware and other cyberattacks in the U.S. that appeared to originate in Russia.
"I will tell you this: I’m going to make clear to President Putin that there are areas where we can cooperate, if he chooses," Biden said during a press conference after NATO released its final communique. "And if he chooses not to cooperate and acts in a way that he has in the past, relative to cybersecurity and some other activities, then we will respond. We will respond in kind."
US and Russia Cyber Issues
Since coming into office in January, the Biden administration has faced several cyber issues related to Russia. On April 15, the White House formally accused Russia's Foreign Intelligence Service, or SVR, of carrying out the SolarWinds supply chain attack that led to follow-on attacks on about 100 companies and nine U.S. federal agencies (see: US Sanctions Russia Over SolarWinds Attack, Election Meddling).
In response, the Biden administration issued sanctions against the Russian government as well as individuals and businesses that allegedly assisted in the SolarWinds attack or interfered in the 2020 U.S. elections (see: US Pulls Back Curtain on Russian Cyber Operations).
Since then, however, the administration has turned its attention to a series of ransomware attacks that have targeted companies that support large portions of the nation's critical infrastructure. This includes the May 7 attack on Colonial Pipeline Co., which the FBI says was connected to the cybercriminal organization DarkSide, which is suspected of operating from inside Russia.
On May 31, JBS, one of the world's largest meat processors, revealed that it had been hit by a ransomware attack. The FBI said it traced the incident to REvil, also known as Sodinokibi - a Russian-speaking cyber gang.
In an opinion piece printed in The Washington Post this week, Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and the former CTO of CrowdStrike, and Matthew Rojansky, director of the Wilson Center’s Kennan Institute, wrote that Biden should inform Putin about U.S. capabilities for countering these types of attacks, pointing to, for example, the FBI recovering $2.3 million of the $4.4 ransom paid by Colonial Pipeline Co.
"After the Colonial attack, American officials announced that they were able to access the hackers’ digital wallet and recover most of the ransom. Senior administration officials have said there are 'parallels' between cybercrime and terrorism, and that 'all options' are on the table to deal with the threat," Alperovitch and Rojansky wrote.
The Biden administration is also pushing other countries to do more to fight back against cyberattacks.
On Sunday, the Group of Seven, aka G-7, leaders announced an agreement to counter ransomware attacks that calls for greater cooperation between governments and businesses. The agreement also demands that Russia do more to curb the criminal activity within its borders, according to the White House.
"The international community - both governments and private sector actors - must work together to ensure that critical infrastructure is resilient against this threat, that malicious cyber activity is investigated and prosecuted, that we bolster our collective cyber defenses and that states address the criminal activity taking place within their borders," the Biden administration notes in a statement.
Putin on Handing Over Criminals
While Biden and U.S. allies are laying the groundwork for the Putin summit, the Russian president was busy laying out his own agenda.
On Sunday, Putin indicated he would consider handing over Russian cybercriminals to the United States if the U.S. does the same for Moscow. "If we agree to extradite criminals, then, of course, Russia will do that, we will do that, but only if the other side, in this case the United States, agrees to the same and will extradite the criminals in question to the Russian Federation," Putin said, according to Reuters (see: Putin Raises Issue of Extradition Agreement).
Asked on Sunday about Putin’s comment that Moscow would be willing to hand over cybercriminals to the United States if Washington reciprocates, Biden described it as “potentially a good sign of progress," USA Today reports. But national security adviser Jake Sullivan subsequently clarified that Biden was not saying he’s going to exchange such criminals with Russia, saying, "This is not about exchanges or swaps, or anything like that," and that "cybercriminals will be held accountable in America, because they already are."