THE WASHINGTON FOREIGN PRESS CENTER, WASHINGTON, D.C.
MODERATOR: Good morning. My name is Jed Wolfington and I will be moderating today’s discussion. On behalf of the Foreign Press Center, I would like to welcome everyone in the room with us now and those who are joining us online. Today’s briefing will be about the Biden-Harris administration’s international cyber initiatives. Today we are honored to welcome Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging technologies. Ms. Neuberger will discuss how the U.S. Government is working closely with international partners to address issues related to cyber security.
A quick review of the ground rules for today’s briefing: This briefing is on the record and will be recorded. We will provide a recording and a transcript as soon as it is available at fpc.state.gov. For those of you joining us online, please include your full name and your outlet as well as the country where most of your readers or viewers are located. I would now like to invite our distinguished guest to share opening remarks, after which we will open the room for questions.
MS NEUBERGER: Great. Thank you so much for the introduction. It’s wonderful to be with you here today. I truly appreciate the opportunity to talk a bit with you about the administration’s recent international cyber efforts to improve security of cyberspace.
So I’ll talk first about ransomware. Ransomware is truly a transnational threat, affecting hospitals, schools, companies, energy companies all around the world. And the United States convened 36 countries and the European Union on October 31st and November 1st to review the work of the Counter Ransomware Initiative, which the United States launched a year ago; review threats; look at what we have seen communally as a set of countries around ransomware attacks; and plan our work together over the next year to that.
I want to particularly thank seven countries who have led the working groups of the Counter Ransomware Initiative: Lithuania and India, who led our resilience work to determine what are the right cyber security investments countries need to make to improve their cyber security, and also hosted two international exercises around the world to tie together and have countries learn from each other.
Singapore and the United Kingdom, who co-led work to counter illicit finance. Ransomware is a financially driven problem, and we want to make it riskier, costlier, and harder for criminals to move the illicit proceeds of their cyber attacks around the world.
Germany, who led the diplomacy working group, where countries set a set of agreements around the kinds of things they will not do in order to reinforce international norms – for example, not harboring ransomware criminals, doing due diligence when one country raises concerns about cyber attack activity coming out of that country. During the Counter Ransomware Initiative, Nigeria agreed to co-lead the diplomacy work with Germany, which is particularly exciting for us.
Next, Australia, with thanks to Australia for leading the disruption working group that seeks to disrupt criminals, the infrastructure they rely on, and the movement of funds around the world. And we will continue to double down and reinforce that work coming out of the conference. And finally, the public-private partnership led by Mexico.
I will note that at the conference the members brought in 13 international companies to hear their insights on what we can do between governments and the private sector to better counter the threat. So over the two days, we discussed an action-oriented agenda. Those items include standing up a joint ransomware task force to really deepen our disruption work; countries agreeing to implement financial action task force agreements over the next – within the next year; policies around ransom payments, policies around how we leverage insurance companies; the Regional Cyber Defense Centre in Lithuania; bringing countries together to produce joint products regarding threats and how to detect and counter them; and a number of other ways that we deepen coordination.
I’ll now shift to our work to reinforce our ironclad commitment to strengthening NATO at the NATO Cyber Defense Pledge Conference just last week in Rome, which the U.S. co-led with Italy. During the last NATO Summit in Madrid, NATO members announced that they would seek to build a virtual cyber incident response capability. We’ve seen multiple countries face cyber attacks. NATO needs a way for NATO members to come together, exercise together, and be prepared to support a NATO member when under attack. One of the key topics of the Cyber Defense Pledge Conference was discussing particular countries’ commitments towards that virtual response capability and finalizing the planning over the coming months to where the capability can be formally in process and in place for all NATO members to use.
In addition, we discussed updates to each country’s cyber defense pledge, the kinds of cyber security commitments countries make to ensure their critical infrastructure, their water, their power is secure from cyber attacks.
So in summary, those are really two key points where the U.S. is working closely with allies and partners to secure cyberspace both against criminals, as I talked about from a ransomware perspective, and against broader, both nation-state and criminal threats, reinforcing our ironclad commitment to NATO and to NATO Allies in every domain, particularly the cyber domain.
Thank you, and I look forward to your questions.
MODERATOR: Thank you, Anne, for your remarks. We are now opening up the floor for question and answers. We will defer to anybody who’s in the room right now for any questions. Yes, sir…and please remember to wait for the microphone, and state your name, periodical, and the country where your audience is.
QUESTION: Ivan Pilshchilov of TASS News. Thank you so much for taking —
MS NEUBERGER: Ivan was your first name?
MS NEUBERGER: Ivan.
QUESTION: Yeah. So what is the current state of the dialogue between the U.S. and Russia on cyber security? And is Washington interested in unfreezing the dialogue and maybe were there any contacts in this regard? Well, and if there is no dialogue, how the absence of the dialogue affects the cyber security of the U.S.? Thank you so much.
MS NEUBERGER: So since Russia’s brutal invasion of Ukraine, we have paused the dialogue that was in place and we, of course, still continue to hold Russia and all countries accountable for cyber attacks that come for within their borders, whether there is or is not a dialogue in place.
MODERATOR: We have one more question in the room.
QUESTION: Thank you, Anne, for doing this today. My name is Jina Park from JTBC, South Korea. My question is about North Korean ransomware heist escalating. I was wondering if South Korea will be taking on a heavier role any time soon in response to the escalating ransomware heists by North Korea.
MS NEUBERGER: You ask a really thoughtful question. South Korea is one of the countries that participates in the Counter Ransomware Initiative, and South Korea is really a leader in cyber security and in broader technology and in our Smart Cities as well. North Korea’s malicious cyber activity is of significant concern. North Korean hacks – you saw we attributed a number of North Korea cyber attacks against cryptocurrency infrastructure that we believe netted North Korea vast sums of money. And we are particularly concerned regarding – we believe that North Korea funds just about 30 percent of its missile and other malicious programs from cyber attacks.
That includes – so our work in countering the DPRK’s malicious cyber activity is both done with close allies and partners, including intelligence cooperation regarding the threat, regarding the actors themselves, as well as work to, as I mentioned, make it harder to move illicit funds through cryptocurrency infrastructure, like for example the designation the United States did of the tornado.cash mixer, which had facilitated vast sums of the DPRK’s illicit funds movements, we believe up to $600 million of that money. So we continue to both use multiple tools, both our intelligence cooperation to find the activity, our sanctions designation to designate elements of cryptocurrency infrastructure that facilitate the movements of funds, as well as real efforts to improve the resiliency of banks and cryptocurrency infrastructure that are targeted by the DPRK as sources of funds.
MODERATOR: Great. Thank you for those questions. Thank you for the response, Ms. Neuberger. I’m not seeing any hands raised up in the Zoom room, so in the meantime, if the journalists want to think of questions, I have an advance question for you, Anne. And the question is: So cyber security incidents are usually things that happen and then people decide only after the crisis that it’s important to put resources in to preventing the next crisis. Can you talk a little bit about how you go about trying to convince governments and maybe private sector firms to put resources into preventing cyber attacks and threats before they occur?
MS NEUBERGER: That’s such an excellent question, because we continue to see both criminal and nation-state cyber attack activity that’s very successful using, leveraging, vulnerabilities where patches are available, where resilience is possible. This was the core of I mentioned the NATO Cyber Defense Pledge. We saw – we all had a responsibility to build national cyber defenses, and what we discussed in that context was specific steps countries could take to secure their most vulnerable infrastructure that, if disrupted, would disrupt critical services citizens rely on. I think about the United States, where in May of 2021 we had a disruptive criminal cyber attack against Colonial Pipeline, a company serving the entire East Coast. And you may recall the pictures we have of cars lined up working to refill gasoline. That led in the United States to our putting in place mandatory cyber security practices for the 96 oil and gas pipelines in the country to ensure that there were minimum cyber security practices in place by private sector owners and operators so that American citizens could have confidence that those services were far harder to disrupt.
In multiple countries, putting in place requirements for critical infrastructure, the largest owners and operators of water, power, pipelines is now happening. And we share best practices and learn from each other. And indeed, putting in place both that minimum resilience and also steps so that countries can work together to help a country under attack quickly respond is key. And certainly we saw that over the summer when Iran attacked the Government of Albania in cyberspace, and the United States and other countries quickly surged support and now are working closely with Albania to help them improve the cyber security of their networks to meet the threats they face.
MODERATOR: Thank you for that response. And we do have a question now in the audience from Alex. Can we go to Alex on Zoom?
QUESTION: Yes, thank you so much for this opportunity and for doing this. I’m so sorry; I was trying to be there in person. Such a very important topic to discuss. I want to follow up on Russia question, if possible. You mentioned the Rome conference that you attended a couple days ago, which also focused on lessons learned from the ongoing Russia invasion of Ukraine. Can you please speak to some of the concerns you heard from NATO partners? Of course in recent weeks Russia has stepped up missile attacks against energy centers in Ukraine, but also it has previously used cyber attacks in efforts to disable electricity in portions of the country.
But I also want to focus on, if possible, on the bright side as well, because I remember you told us last year that it takes network to fight network, right. The information space is one of the areas in which the Ukrainians have really crushed the Russians, if you want. I’m curious whether you’re also reading this as sort of Ukraine’s victory so far on cyberspace, as well as how badly the Russians are being outperformed in external communications. Thank you so much.
MS NEUBERGER: So thank you for pointing to that. For people who work in cyber security, it can often feel like a tough job because it’s so much easier to attack – because technology is often not built securely enough – than to defend. So I think the experience of Ukraine – both Ukraine as a country and as a private sector and other governments working closely to support to Ukraine – should be in the shot arm of cyber security defenders around the world.
When Ukraine first experienced a significant invasion and offensive, very powerful cyber attacks in 2015, Ukraine took the message and worked hard to improve the security of its oil and gas networks, of its electricity networks, including connecting closely before the invasion to the European grid for extra resilience. And that work made a significant difference.
Of course, following the invasion, a private sector and other governments worked quickly to support Ukraine to ensure data could be accessed, to ensure networks could be locked down, any threats that were identified could be rapidly found to ensure they were contained quickly. And I think that that partnership – both the hard work, the dedication, and the follow-through of Ukrainian network defenders, the work of the private sector to provide support, in many cases to provide support and technology at low costs, and other governments to share intelligence, to share best practices – made a key different and has led to Ukraine being able to counter the destructive and disruptive – many of the destructive and disruptive cyber attacks which they faced from Russia.
MODERATOR: So are there any other questions in the room or from Zoom? Okay. So if there are no more questions, I’d like to express our special thanks to Deputy National Security Advisor Neuberger and all of you who joined us today both in the room and online. This concludes today’s briefing.
MS NEUBERGER: Thank you.