Biden’s Pick for Acting CIA Director Has a Lot To Say About Ransomware and Cybercrime

On his first day in office, President Joe Biden named the acting leadership across several government agencies, including David Cohen as the acting director of the Central Intelligence Agency. Cohen will take over the role until William Burns, Biden’s nominee to lead the agency, is confirmed by the Senate as expected.

Cohen was tapped last week to return to the CIA as deputy director—a position that does not require confirmation and gives him the ability to lead the agency immediately. He most recently was a partner at the law firm WilmerHale, advising clients on national security issues including cybersecurity. In a recent interview with The Record, Cohen talked at length about new government ransomware guidance and his views on paying ransoms to cybercriminals.

Cohen rose to prominence in the government when he served in the Treasury Department under Barack Obama, where he was known as the White House’s “financial batman.” At the time, ransomware “was not a particularly significant issue,” he told The Record in November.

Since then, cybercriminals and nation states have rapidly embraced the technique as a way to wrest big payments from businesses, hospitals, school systems, and municipalities.

“The truth is, there is no silver bullet; there is generally never a way to be certain that the recipient is not on the sanctions list because it is very hard to get perfect clarity into who the extorter is,” he said. “But what we advise clients to do is to the greatest extent possible, try and figure out, or hire someone to try and figure out, who it is that is demanding the payment and that at least to some extent mitigates that risk.” 

Cohen will lead the CIA as the U.S. confronts what experts say is one of the most significant cybersecurity incidents to ever target the government. Russia was recently blamed for an attack that affects potentially thousands of companies and government agencies, and cybersecurity experts say it might have been carried out by the country’s Foreign Intelligence Service, which has similar objectives to the CIA.

From 2011 to 2015, Cohen served as Under Secretary for Terrorism and Financial Intelligence at the Treasury Department, where he directly supervized the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN). Those agencies recently attracted the attention of the cybersecurity community when they issued dual advisories that, among other things, warned companies of the risks associated with making and facilitating ransomware payments to sanctioned individuals or organizations.

In his interview with The Record, Cohen said he wouldn’t be surprised to see more guidance from the government on ransomware payments. He also said that they were likely aimed at the business environment that has sprung up in recent years—consisting of insurance firms, cybersecurity consultants, and other advisory groups—that help facilitate ransomware payments in order to quickly resume business operations.

“I think that these advisories are a way of trying to put sand in the gears of the ecosystem that is developing around the payment of ransoms, to try to prevent this ecosystem from developing further and prevent entities from becoming the victim of these extortion schemes,” he said.

Cohen previously served as deputy director of the CIA from 2015 to 2017—effectively the second-in-command of the intelligence-gathering organization. He said that he had to put cybersecurity and money-laundering issues aside during his time at the agency.

“The job of the deputy there is the whole sweep of what the agency does, so I did frankly very little of this stuff when I was with the agency. I kind of left this behind and performed a different role,” he said.