Moderator: Good afternoon. I’d like to welcome everyone joining us for today’s virtual press briefing. Today, we’re very honored to be joined by Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology at the National Security Council. Before I turn it over to Deputy National Security Advisor Neuberger for opening remarks, I have a few comments on the procedure for asking questions.
If you’re joining us via the Zoom application or link, you may submit your questions at any time by clicking on the questions and answers tab and typing in your question. If you see a colleague ask a question that you’d like Deputy National Security Advisor Neuberger to answer, you can upvote it in the queue by clicking the “Like” button to the right of that question. We will try to get through as many questions as possible in the 30 minutes that we have today, so please so your support and like the questions you’d most like us to cover. You can notify us of any technical difficulties by e-mailing TheBrusselsHub@state.gov.
And with that, let’s get started. Deputy National Security Advisor Neuberger, thank you so much for joining us today. I’ll turn it over to you for opening remarks.
Ms. Neuberger: Thank you so much for that. Hello, everyone. Thank you for being here today. Today, I had the privilege and opportunity to brief our NATO colleagues and to brief and to consult on – as we work to collectively strengthen our cyber defenses. The consultation reflected President Biden’s value on alliances, specifically the NATO Alliance, which has protected the security and freedom of our transatlantic alliance for 75 years.
This past year, the United States learned a great deal and implemented a great deal in the area of cyber policy, and I came to consult and provide recommendations for our NATO Allies for both individual and collective action, particularly as NATO has issued its first cyber-defense policy in seven years.
On the individual side, we discussed the need to treat cyber security as national security. Many countries have experienced disruptions to critical infrastructure, from power to water to critical hospitals during a pandemic, and this reflects the degree of our digitization in our society and the degree to which malicious cyber actors can impact critical services that serve our citizens. Second, I talked about the role of national procurement, and raising the security of software and technology, and the need to use every national policy tool to improve the security of critical infrastructure.
On the collective side, we talked about the need to communicate what isn’t acceptable in cyberspace, and the work NATO can do to hold malicious cyber actors accountable when irresponsible behavior is done in cyberspace.
Finally, we discussed the role of strategic planning. I mentioned the role NATO has played for 75 years in transatlantic security and the role it will play in the future, the need to encourage and incorporate cyber into strategic planning, into cyber-resilience exercises, and into planning for incidents. And indeed, as allies work to prepare for the summit in June, the Madrid summit, there’s the opportunity to build out the action plan coming from the first cyber-defense policy to incorporate achievable, ambitious, and practical outcomes to truly improve individual and collective security.
Thank you, and I look forward to your questions.
Moderator: Thank you very much. We’ll now turn to the question and answer portion of the – today’s briefing. And our first question goes to Jovana Djurisic from Daily “Podjeda” Montenegro. Her question is: “You’ve talked with NATO partners about strengthening the cybersecurity of member states. Montenegro, a member of the alliance, has previously been the target of cyberattacks by Russia. Are you worried that these attacks will continue in the future, especially when the country is led by a government close to Moscow? And what will United States do to help prevent these attacks?”
Ms. Neuberger: In our consultations today, we talked about the role of individual national resilience, the work each country must do to secure its own networks, and how that in turn builds collective resilience within the framework of NATO as well. So within the consultations, we have many countries in NATO with different levels of capabilities. There’s the opportunity to share experiences, to share best practices, to learn from each other’s work as we work to raise collective resilience.
Moderator: Thank you very much. And our next question goes to Mike Eckel, whose question is “You spoke recently at an event in Washington where you said that despite the Putin-Biden Summit in Geneva, U.S. intel has not seen a drop-off in illicit or malign activity from Russia. So how would you characterize the nature of Russian-related activity today? And what was the message that CIA Director Bill Burns told Nikolai Patrushev from the Russian Security Council when Burns was in Moscow last week?”
Ms. Neuberger: So first, I don’t believe I said the quote at the beginning. It could have been a different government official. To the point focused on ransomware activity, we are very focused from a U.S. perspective on addressing ransomware as we heard – as you may have heard yesterday with the disruptive activities that we announced towards ransom actors.
Our overall ransomware strategy has four components. One component is improving national resilience, which is one of the topics I came to NATO to discuss. The second is countering illicit use of cryptocurrency, since cryptocurrency fuels malicious cyber activity. The third is disrupting ransomware networks, individuals – much as was announced yesterday during the combined Department of Justice and Treasury disruption activities. And the final one is diplomacy, again, the purpose of today, which was for countries to articulate what is unacceptable behavior in cyberspace and to work collectively to ensure those norms are put in place and malicious activity is addressed.
Director Burns went to discuss a range of topics, including cybersecurity, and within the context of our ongoing discussions with Russia, about the need for Russia to address malicious ransomware activity coming from within its borders inasmuch as it is the work every responsible country needs to do. The United States works to address malicious activity coming from within its borders and we know that that is one of the key norms that we are working collectively to do to improve cybersecurity.
Moderator: Thank you very much. Our next question comes from Jennifer Hansler with CNN, who asks: “What role will U.S. offensive cyber operations play in this administration’s anti-ransomware strategy? The recent arrests in Poland and Romania appear to be of REvil affiliates, not developers of leadership. So how is the administration planning to apprehend the bigger fish other than the rewards offered by the State Department?”
Ms. Neuberger: As I mentioned, our counter-ransomware strategy includes four components. First, we truly believe money drives criminal ransomware activity, which is why we’ve put such a focus on addressing illicit use of cryptocurrency. Within the context, for example, of the counter-ransomware initiative the United States launched with 31 countries participating in October, that initiative is a key way we seek to address ransomware, bringing countries together, sharing best practices, agreeing on the need to implement financial action task force activities, and working together on a range of actions.
The disruption activities that were announced, there are some that are public; some that are less so. But we are committed to using every tool we can within the U.S. Government’s capabilities – and I mentioned a number of them – to ensure that we address the ransomware activity which is impacting U.S. individuals, businesses, and allies and partners all around the world.
Moderator: Thank you very much. I’ll now turn to one of our attendees with their hand up, Dmitry Kirsanov from TASS News Agency. You can unmute yourself and ask your question.
Question: Hi. Can you hear me now?
Moderator: Yes, we can.
Ms. Neuberger: Yes.
Question: Madam Ambassador, thank you so very much for doing this session. I wanted to ask you about a necessity to establish rules of the road in the cybersecurity sphere. How are these efforts playing out at the moment, especially with the Russians and the Chinese? And tangentially to that, does the Biden administration see a need to create – to impose some sort of arms control in cybersecurity sphere so as not to overly develop offensive capabilities by the nation states? Thank you so much.
Ms. Neuberger: Thank you for the question. So during their summit in June, President Biden and President Putin established a group to focus on discussing disruptive ransomware attacks affecting critical infrastructure. At the time, President Biden articulated one key rule, which is that disruptive attacks against critical infrastructure coming from within one country are a matter of national security. They’re not a law enforcement issue when they impact critical services that a country’s citizens rely on.
And indeed, within the format there has been candid, professional, very direct dialogue articulating details of critical infrastructure. We have shared information with the Russians, and this will be a test of their follow-on activity to act. They’ve committed to act on the information that’s been shared, inasmuch as we greatly value the bilateral dialogue and we greatly value as well hearing what we can do from a U.S. perspective to address malicious cyber activity.
With regard to your question about arms control, there are certain similarities we can learn from past efforts with regard to arms control that we can certainly learn in the offensive cyberspace. We look to study those, consult with those. There are some key differences with regard to verifiability, with regard to the broad availability of offensive cyber tools. So inasmuch as we look to the past for lessons, in this new cyber arena we also are looking carefully to determine how do we best protect our citizens, protect our critical services in this new age?
Moderator: Thank you very much. We’ll turn to another of our participants who have got their hand raised, Jillian Deutsch from Bloomberg. You can now unmute yourself and ask your question.
Question: Hi, thank you. I wanted to ask a question about the arrest of a hacker in Poland related to the REvil ransomware group. Can you talk about Russia’s help that led to that arrest? Thank you.
Ms. Neuberger: So I won’t go into specifics of law enforcement operations. I will note that international cooperation is often critical to successful law enforcement, but I won’t speak to any specifics or any specific countries that did or did not participate in that.
Moderator: Thank you. And our next question comes from Lauri Nurmi, who asks: “How do you see cooperation between NATO and the European Union in combating cyber threats? Is there anything new in this cooperation that the United States intends to promote?”
Ms. Neuberger: It’s a great question, and certainly both NATO and the EU bring significant contributions to addressing cybersecurity. And indeed, we believe that each can mutually reinforce each other’s contributions. One interesting area, for example, could be EU efforts to improve the security of technology, both software and hardware, or establishing standards, as the EU is doing in NIS-2, building on its prior standard of NIS-1, establishing standards for critical infrastructure.
Similarly, the NATO context establishing, as I noted, what is or isn’t acceptable behavior in cyberspace and determining how allies work collectively to attribute activity and then to hold malicious actors accountable. Those are two very different spheres, mutually reinforcement, and both very much needed in improving individual and collective cybersecurity.
Moderator: Thank you very much. I’d now like to turn to Oskar Gorzynski, who is participating online. Oskar, you can unmute your line and ask your question.
Question: Hi. Thanks for doing this. I wanted to follow up on the question that Mike asked because even if you didn’t say that the Russian cyber – I mean, the ransomware attack, and I think from Russia, hasn’t lessened. It’s what the CISA director, John Easterly, said last month. So I wanted – and the White House position has been that it’s ultimately the responsibility of the countries that harbor these criminals for those actions. So I was wondering if that means that Russia should be held accountable, do you think? And what – if you could speak broader on the cooperation with Russia’s authorities on this topic.
Ms. Neuberger: So first, speaking of the major ransomware groups, in talking with our private sector partners and talking across the government, we have seen a decrease in some key actors. As you have noted, some public announcements where certain ransomware groups said they could no longer operate or have removed infrastructure. It is too early to tell the causes of that. It is too early to tell whether that will be a sustained reduction. We have seen groups re-form and re-name themselves. These are certainly criminal groups which are fueled by the financial incentives of ransomware.
So it is too early to tell whether this has been a sustained reduction, but we are watching this area carefully because each ransomware attack that occurs is an attack that disrupts a company, that disrupts a service, and as such, this is an area that we are very committed to. We’re committed to using every tool within U.S. Government’s capabilities – I noted several a moment ago – to ensure that we address ransomware activity. And we knew that it won’t change in a matter of days or weeks, so we’re watching the trend over a period of time and using that to encourage improved resiliency, to encourage ongoing disruption of these activities, to encourage improvements in anti-money laundering, and to engage effectively in diplomatic channels.
I’ll note, too, one specifically is our international counter-ransomware initiative, where we brought together 31 countries plus the European Union to discuss how we collectively fight ransomware since it’s impacting many countries at one time, as well as our direct, candid, diplomatic discussions with our Russian counterparts to ensure that activity, criminal activity, coming from within Russia that is disruptive is addressed in an effective way.
Moderator: Thank you. And I’ll remind all of our participants that if you have a question that you’d like to ask, you can either enter it into the chat or raise your hand and we’ll call on you to ask your question.
So our next question comes from Alex Raufoglu from Turan News Agency from Azerbaijan. His question is: “Moving forward, what red flags should NATO and other U.S. allies in the region watch for that might portend a more offensive posture by Russia?”
Ms. Neuberger: It is always wise for countries to have good visibility. The first step in an effective cybersecurity practice is having good visibility of one’s networks. And certainly have seen malicious cyber activity from multiple adversaries, including attempts to interfere in critical services, including attempts to influence democratic processes. So when we discuss resilience, we discuss resilience against a whole set of malicious cyber activity.
And improving resilience to meet the threat includes achieving visibility, modernizing defenses, raising the resilience of the society with regard, for example, to building trust in electoral processes, discussing what countries are doing for countries to have confidence in their electoral processes. So each of these is one step in the broad spectrum of resilience activities that countries should be both working on and constantly monitoring for with regard to adversaries’ malicious activities.
Moderator: Thank you very much. And I believe we have – okay. I’ll now move to Mike Eckel, and from RFE/RL, who has the following question: “The U.S. Justice Department in December 2019 indicted a Russian man known for his work in developing Dridex and Cridex malware, which has been used in various banking and ransomware activity. The Justice Department alleged the man in question, Maksim Yakubets, was as of 2017 employed by the Federal Security Service. Does the U.S. believe that Russian intelligence agencies continue to harbor alleged cybercriminals involved in ransomware or other malware?”
Ms. Neuberger: I don’t have the specifics of that case to speak to that today.
Moderator: Thank you. And I believe we are going to take our final question for today. And I know this is something you’ve spoken to before, but Ekaterina Morozova from Interfax asks: “Are contacts with Russian authorities about hacker attacks emanating from Russia helpful?”
Ms. Neuberger: President Biden has said many times that when there are difficult issues, one engages with greater diplomatic energy and commitment. And as such, we believe that the Russian Government is in a position to address malicious cyber activity, criminal malicious cyber activity coming from within its borders. That’s the reason that we are engaging in direct exchanges because we believe the Russians have committed to addressing that activity. All countries know that responsible countries address malicious activity coming from within their borders. And as such, we’re engaging in these candid direct dialogues to both convey our expectations, listen to expectations, and work together to address mutual threats.
Moderator: Thank you very much. We actually have one final question, one final hand raised from our participants. And this is Dominic Waghorn from Sky News in the UK. Dominic, you can unmute yourself and ask your question.
Question: Hello. Can you hear me?
Moderator: Yes, we can.
Question: Great. Thanks very much for this. Been really helpful. Can I just ask some layman’s question, and it’s a kind of – as not sort of a technical expert in this field, but it’s an assumption that hacking, ransomware, and other sort of malign cyber activities that emanate from Russia do so with the approval and oversight of the Russian Government, or certainly the knowledge of the Russian Government. Is that fair to say? And is that the position of the U.S. Government?
Ms. Neuberger: The position of the U.S. Government is that responsible countries address criminal activity coming from within their borders. They may not know about it; and as such, that is the reason that in our own engagements really in multiple countries, countries freely exchange information with each other about malicious activity to enable each country’s law enforcement and government systems to follow up and address that activity. And as such, in our own engagements, we believe the Russians are in a position to act, and this will be a test of them exercising their commitment to act to address ransomware activity coming from within their borders. And as much as I noted, every responsible country needs to focus on and address criminal activity, criminal cyber activity, coming from within its borders. That’s part of our collective responsibility in the cyberspace arena.
Moderator: And I believe those are – those all – those are all the questions that we have today. I would like to turn the floor back over to Deputy National Security Advisor Neuberger for any closing remarks.
Ms. Neuberger: Thank you so much. The first: Thank you to all of you for your time today. I want to close by noting it truly was a privilege for me to have the opportunity to address NATO today. I’m a child of – child and grandchild of Hungarian refugees who fled Hungary during the Hungarian Revolution in 1956. So sitting there, seeing Hungary, one of NATO’s members, and thinking about NATO’s role in protecting security and freedom in the transatlantic alliance for 75 years, I’m thinking about its future role in protecting the security and freedom of that transatlantic alliance, was truly inspiring. We had a broad set of discussions, good, rich detailed questions, consultations and engagements. And I look forward to the future work NATO will do building out the action plan on its first cyber-defense policy driving towards the Madrid Summit in June. So it was truly a privilege, and thank you all for your time today.
Moderator: Thank you very much. Thank you to all the journalists for your questions, and thank you, Deputy National Security Advisor Neuberger, for joining us. Shortly we’ll send a broadcast-quality video file of the briefing to all participants – all participating journalists, and we’ll provide a transcript as soon as one is available. We’d also love to hear your feedback, and you can contact us at any time at TheBrusselsHub@state.gov. Thanks again for your participation, and we hope you can join us for another press briefing soon.