Cybersecurity in general, and ransomware in specific, climbed high onto the ladder of major policy issues at both the weekend meeting of G-7 nations this weekend, and the NATO Summit that concluded on June 14.
The increasing importance of cybersecurity on the national stage tracks with U.S. policy in recent months, including Federal government responses to major software supply chain cyber assaults and ransomware attacks against U.S. critical infrastructure sector companies that are believed to have originated from organizations based in Russia. President Biden has promised to confront Russian President Vladimir Putin with cybersecurity and ransomware issues when the two leaders meet on June 16.
NATO Cyber Defense Commitments
On the NATO front, member nations said in a joint communique that “cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent.”
“This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm,” the NATO members said.
As a result, the NATO countries said they were endorsing a “Comprehensive Cyber Defence Policy” to support deterrence, defense, and resilience.
“Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law,” NATO said.
“We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” NATO said. “Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.”
NATO left open-ended its options for response to attacks.
“We will make greater use of NATO as a platform for political consultation among Allies, sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses,” the alliance said.
“If necessary, we will impose costs on those who harm us. Our response need not be restricted to the cyber domain,” NATO said.
G-7 Statements on Cyber, Ransomware
Meanwhile, at the June 11-13 meeting of G-7 (Group of Seven) major industrial nations, a communique released by the White House said the nations committed “work together to further a common understanding of how existing international law applies to cyberspace,” and to work together to “urgently address the escalating shared threat from criminal ransomware networks.”
“We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” the nations said.
On supply chain security, the G-7 nations said they will work to “promote secure, resilient, competitive, transparent and sustainable and diverse digital, telecoms, and ICT infrastructure supply chains.” That pledge, they said, is driven by recognition of the “foundational role that telecommunications infrastructure, including 5G and future communications technologies, plays and will play in underpinning our wider digital and ICT infrastructure.”