Share this page!

Maybe Scrolly?
Ravi Nayyar Profile picture
Twitter logo
13 Oct, 18 tweets, 9 min read
A thread on what caught my eye from the @WhiteHouse's Fact Sheet on 'Ongoing Public U.S. Efforts to Counter #Ransomware'.

#InThaCybers #CyberDiplomacy
The second paras describe the national security threat posed by ransomware and the global nature of that threat. No surprises here.
Counter-ransomware policy = Multi-stakeholder by design.

The state must work with industry and other states because of inherent technological and economic realities.

Plus, it takes a network to take down a network like a transnational ransomware gang.
Onto the four pillars of USA counter-ransomware policy.

Pillar 1, including #ReleaseTheHounds

Timely in light of DIRNSA's recent remarks:
Pillar 2.

Firstly, I am thrilled that the word, 'Resilience', is used in the headline here.

More holistic than 'Security'.

In addition to the need to enact law and instruments is that to send the right signals via other policy levers.
Pillar 3.

I have written on the need to hit the money eg my Hons and the following article (anujolt.org/post/1101-rans…).

I am glad to see the acknowledgement here that the USA already has AMLCTF laws in place re virtual assets and needs to enforce those _existing_ laws,
Pillar 4: #CyberDiplomacy

Working with states to keep their noses clean in the cybers. Including joint offensive ops like against ISIS?

Also, what does 'imposing consequences and holding accountable' mean? OCOs? Financial countermeasures?
Onto some of the actions taken by the USA under the above pillars.

Eg the updated OFAC advisory = sanctions law as a lever for incident and payment reporting?
Eg #ReleaseTheHounds = SIGINTing --> Starting the symphony.

Also, SIGINTing which can inform financial countermeasures, by the looks of the final bit there?
A concrete achievement there.

One of the highest stakes ICS/OT security games to be played is in the electricity generation/distribution context.

Good stuff.
Note that the FATF Recommendations were amended to cover virtual assets and VASPs during the US Presidency of @FATFNews in 2018 (a few days before I submitted by Hons thesis on the AML regulation of virtual assets, funnily enough).

Good to keep up said efforts.

#CyberDiplomacy
#CyberDiplomacy writ large here.

Add the Ransomware Annex to the G7 Finance Ministers and Central Bank Governors’ Statement on Digital Payments (October 2020), FVEY Ministerial Statement on ransomware (April 2021) and the UN GGE final report (July 2021).
Question: what has the diplomacy with Russia actually achieved?

Ransomware activity targeting the USA and her allies hasn't exactly calmed down, has it?

Especially such activity which is originating from Russia, as admitted by @CISAgov's Director.
I recently looked at the issue of ransomware attacks against American critical infrastructure even after policymaking such as that mentioned above.
So said direct diplomacy with Russia did not even achieve enough to justify inviting _Russia_ to the counter-ransomware summit?
reuters.com/article/us-usa…
And in synch with what:

1) we Aussies said just yesterday;
2) the Dutch said recently; and
3) the @NCSC CEO said recently.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ravi Nayyar

Ravi Nayyar Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ravirockks

Ravi Nayyar Profile picture
13 Oct
Okay so I've had a chance to go through the Cth government's Ransomware Action Plan.

Here's a thread comprising some of my thoughts thereon.

#InThaCybers #Ransomware
I applaud the Cth for finally delivering this document, given the severity of the national security threat posed by the ransomware ecosystem.

A threat which the Minister for Home Affairs, @karenandrewsmp, highlights in her foreword.
The Action Plan rightly acknowledges the nature of counter-ransomware policy as multi-stakeholder by design.

That is, the state working with domestic partners and overseas partners.
Read 28 tweets
Ravi Nayyar Profile picture
13 Oct
Today, @karenandrewsmp, the federal Minister for Home Affairs, released the Cth's Ransomware Action Plan.

While I go through the latter, here's a collection of my thoughts hitherto on counter-ransomware policy.
Part 1 of 4 in my series for the @anujolt_law on counter-ransomware policy, here looking at the national security risk posed by ransomware.
Part 2 of 4 in the series, here exploring the ransomware economy.
Read 10 tweets
Ravi Nayyar Profile picture
12 Oct
A few nuggets from the following readout:

#InThaCybers #CyberDiplomacy #DefenceDiplomacy

defense.gov/News/Releases/…
Hmm, USA sharing intel with the Indians to help the latter's COIN and CT efforts in Kashmir and ops along the LAC? I dig.

'Enhanced cooperation with like-minded partners' = Wait, they're not going for a clique like others suggest?
Interoperability is already helped by India buying and deploying US-made platforms like the C-17, Apache, C-130J and P-8I aircraft, and the M-777 ultra-light howitzer (eg at the LAC).

Source: hindustantimes.com/india-news/wea…
Read 8 tweets
Ravi Nayyar Profile picture
12 Oct
The @USDISA is planning on looking at alternatives to the common access card, which US service personnel use to identify themselves to gate and chow hall staff, and when using computers.

defense.gov/News/News-Stor…
DISA Director, @usairforce Lt. Gen. Robert Skinner, considers identity management an 'one area where the department can look to industry for a way ahead.'

'We want to leverage that technology to be able to provide greater options, so it's... truly multi-factor [auth]'.
'... the department must leverage what's happening in industry, and undergo a change in culture, to get to a "data-centric" environment versus a "network-centric" environment', that is, 'protect data' > 'protect infrastructure storing data'.
Read 4 tweets
Ravi Nayyar Profile picture
11 Oct
This piece goes through the August judgement of the High Court, which granted the USA leave to appeal Assange’s discharge on two key grounds.

Additional to three key grounds that the USA wanted and got leave to appeal on in July.

—> If I were @TheJusticeDept, I’d be optimistic.
Of course, usual caveats:
1) I am neither an admitted lawyer nor an expert on UK law;
2) I have zero tickets in extradition matters, rather I am an Australian law nerd doing my PhD in critical software and infrastructure regulation; and
3) If you want to correct my points, please do for that helps me learn!
Read 4 tweets
Ravi Nayyar Profile picture
11 Oct
Per the PM's speech, 4 pillars of Indian #SpacePolicy:
1) allowing the private sector to innovate;
2) government acting as an enabler;
3) preparing the youth for the future; and
4) seeing the space sector as fuel for India's development.

#CriticalInfrastructure
English summary of the PM's remarks.

cc: @Dr_M_Davis
pmindia.gov.in/en/news_update…
Nicely in synch with the Quad's agenda for space cooperation.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @ravirockks has new unrolls!

Check out other threads from @ravirockks!

Read all threads by @ravirockks

:(