Pentagon official: ‘Open question’ if Putin’s government can stop hackers
It is an “open question” if the Russian government can effectively crack down on ransomware groups operating within the country or prevent future attacks like the one that forced the Colonial Pipeline to temporarily shut down, a senior defense official said Wednesday.
“The degree of control and direction that the Russian State has over these actors … is an open question,” Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, said during a Defense Writers Group breakfast.
“It is certainly a problem when these actors are going out there and with the tools that they have available through ransomware as a service market; they have the capability at any given time to trip over either intentionally or accidentally something that is a significant impact to the United States,” she added.
Whether or not “we can say definitively ‘There will be no more Colonial Pipelines’ that’s a little bit of a challenge,” according to Eoyang, who stressed that the private sector must focus on bolstering resilience while the government ramps up its efforts to go after the malicious actors.
Russia’s commitment to moving against the transnational criminals based within its borders has been closely followed ever since President Joe Biden urged his Russian counterpart to tackle the groups during a face-to-face meeting earlier this year.
Biden gave Putin a list of 16 critical infrastructure sectors that are supposed to be off limits to hackers but, after a brief lull, attacks on U.S. targets by organizations known or suspected to be in Russia have steadily increased.
Ahead of last week’s international summit on ransomware, a senior administration official said the U.S. has “shared information with Russia regarding criminal ransomware activity being conducted from its territory.”
“We’ve seen some steps by the Russian government and are looking to see follow-up actions,” according to the official, who spoke on the condition of anonymity and declined to say what those steps and actions were.
Eoyang declined to attribute “particular motivations to the reasons why people go dark or don’t.”
“We have seen a number of these brands, more actors, go dark and rebrand and come back again later, irrespective of any activity of the Russian government,” she told reporters.
The notorious digital group called “REvil” — which is widely believed to operate out of Russia and was responsible for the ransomware attack on meat processor JBS — reappeared online in September, months after it launched an attack against software company Kaseya that affected thousands of businesses worldwide, only to go offline a few days ago.
Eoyang said the U.S. response to future ransomware attacks is an “ongoing conversation” within the administration and that incidents need to be addressed on a “case by case” basis due to a variety of factors, including who is responsible and the size of the attack.
She echoed recent comments by U.S. Cyber Command and NSA chief Gen. Paul Nakasone that ransomware has become a national security priority and that the federal government would be more “robust” in its responses, such as when the FBI seized roughly half of the proceeds from the Colonial Pipeline episode.
Eoyang declined to comment on specific activities the Defense Department is involved in to combat ransomware, adding it would be “threat dependent” whether the Pentagon’s role would grow or shrink in the future.
“The interagency focus on ransomware and the areas for collaboration have increased,” she said.
“There are a lot of ways in which we are working closely” with agencies like the Treasury and Justice departments and the FBI to “ensure that we can take more aggressive action against ransomware,” Eoyang said.