Tag Archive for: publicprivate

How Public-Private Collaborations Can Fight Ransomware


Making any public-private partnership work is tricky, but a new report stresses the importance of such team-ups to fight ransomware, a pressing and societywide problem.

The report is from the Institute for Security and Technology, and it takes a look at three existing public-private partnerships designed to fight ransomware: the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative, Europol’s European Cybercrime Center, and the institute’s own Ransomware Task Force. Authors of the report reviewed research and interviewed the collaborations’ participants.

The study focused on entities that chose to join their collaborations, looking at why they chose to take part as well as what helped groups stick together.


“A lot of private-sector actors really want to be collaborating more than they already are,” said report co-author Elizabeth Vish.

Indeed, companies said they joined collaborations out of a desire to boost collective cybersecurity and better understand threats.

Many also appreciated that the partnerships created neutral space for competitive companies to share cybersecurity info. Some companies also said the collaboration helped establish their expertise and raise their brand awareness, enabling them to work with recent cyber victims without triggering suspicion.

Public- and private-sector partners bring different information and insights. Additionally, government can do things companies cannot, like pursuing perpetrators, while private entities can share important details learned from attacks hitting their organizations or clients.

But launching and maintaining partnerships means both assuaging fears and watching out for potential pitfalls.

Private entities are often concerned about sharing info with government and about the risks of regulatory retaliation or reputational damage. Collaborations should create information-sharing agreements and establish expectations around confidentiality. This might mean using the Traffic Light Protocol to govern what info can be shared and how widely, applying the Chatham House Rule to meetings, deploying encrypted communication channels…


Crypto Industry Insiders Support Better Public-Private Collabs To Prevent Major Ransomware Attacks


House lawmakers held a hearing examining the risks within the flourishing cryptocurrency market and its potential to fund terrorist activities or evade U.S. legal sanctions, focusing specifically on how the private sector can work in tandem with the federal government to protect U.S. national security.

Witnesses working within the cryptocurrency industry testified before the House Committee on Homeland Security, discussing collaboration opportunities that can distinguish between money laundering through cryptocurrency and legitimate transactions.

Each testimony broadly reiterated cryptocurrency firms’ willingness to partner with federal law enforcement to curb abuses of digital currency transactions. John Kothanek, the vice president of global intelligence at crypto trading platform Coinbase, said that his team wants to remove illegal transactions from the crypto industry.

“We have built a collaborative partnership with law enforcement agencies in concert with our strict privacy commitments to our customers to pursue bad actors in the crypto space,” he testified. 

Chief among concerns discussed in the hearing was the recent trend of ransomware hackers demanding payments in cryptocurrencies, a strategy that usually helps anonymize the recipient of the ransom. Rep. Elissa Slotkin, D-Mich., asked the witnesses how the cryptocurrency private sector plans to increase transparency in digital currency transactions. 

Kothanek said that blockchain technology, the bedrock of most cryptocurrency transactions, is inherently designed to register users accessing certain data.

“If you are a cyber criminal and you’re using crypto, you’re going to have a bad day,” he said. “We are going to track you down and we’re going to find your finance and we’re going to hopefully help you, the government, seize that crypto.”

Concerns over cryptocurrency being used to circumvent the law and federal sanctions on foreign countries and groups mounted when Russia invaded Ukraine in February, prompting the U.S. to impose economic sanctions on various state actors. 

Lawmakers warned that oligarchs can store their wealth in independent digital currencies to avoid the financial repercussions of…


White House forms public-private task force to tackle Microsoft hack


A task force composed of representatives from federal agencies and the private sector convened last week to discuss a “whole of government” response to the Microsoft Exchange hack, White House Press Secretary Jen Psaki said in a statement today.

The Unified Coordination Group established by the National Security Council included officials from the FBI, the Cybersecurity and Infrastructure Security Agency at DHS, the Office of the Director of National Intelligence and the NSA, as well as unnamed private sector companies “based on their specific insights to this incident.”

That includes Microsoft, which the White House said developed its one-click mitigation tool for the vulnerabilities to help small businesses that may otherwise struggle to afford costly incident response services. Microsoft did not immediately respond to a request for comment.

The task force “discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners could use for tracking the incident, going forward,” Psaki said.

Still struggling to wrap its arms around the SolarWinds hack last year, which compromised at least nine federal agencies and a swath of state governments and private companies, the Biden administration appears to be creating a similar policy track to respond to the Microsoft Exchange vulnerabilities, which some information security experts have worried could be as bad or worse in terms of its impact on the IT security ecosystem.

Evidence of widespread scanning for servers vulnerable to the four zero-day flaws disclosed by Microsoft earlier this month prompted CISA and the FBI to issue a joint public advisory warning that “tens of thousands of systems in the United States” could be affected and that both nation-state hacking groups and cyber criminals “are likely among those exploiting these vulnerabilities.” Other cybersecurity researchers have worried about the potential for ransomware actors to also leverage the vulnerabilities.

“It is highly likely that malicious cyber actors will continue to use the aforementioned exploits to target and…


Indictment of Chinese hackers is wake-up call for better public-private cooperation | The Hill
