Feds still unsure of ransomware’s reach
- By Chris Riotta
- Nov 22, 2021
A Department of Homeland Security official suggested DHS lacked critical data and information about ransomware attacks targeting the private sector and civilian agencies.
Speaking to the House Homeland Security committee, Rob Silvers, undersecretary for strategy, policy, and plans for DHS, said he was unable to provide a "definitive assessment" to lawmakers as to whether Russian-linked cyberattacks have decreased since President Joe Biden discussed ransomware with Russian President Vladimir Putin.
"It's difficult to assess because the vast majority of ransomware incidents are not reported to the government," Silvers told the committee when asked if the amount of Russian-linked cyberattacks have fluctuated since earlier this year, adding: "I can't make a definitive assessment at this time."
Top cyber officials have sought to answer similar questions around Russian-linked ransomware and cyberattacks in recent weeks with occasionally differing responses, arguably underlining the need for a standard set of incident reporting requirements.
In June, Biden said he handed Putin a list of 16 critical industries which he told the Russian president were "off-limits" from cyberattacks, including energy and water systems, as well as information technology, health care, food and agriculture.
In July, Biden told reporters that he had "made it very clear" to Putin that "the United States expects, when a ransomware operation is coming from their soil even though it’s not … sponsored by the state, that we expect them to act."
A longer version of this article was first posted to FCW.
Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.