Since 2021, a coalition of governments and other key partners have been convening to build a multinational effort to coordinate global action against ransomware. Brought together under the Counter Ransomware Initiative banner, the CRI now includes 76 members as well as the Private Sector Advisory Panel (PSAP). Over the five years since the CRI convened, IST has provided substantial guidance and analytic support to the CRI, including through the release of our 2023 report on best practices in public-private partnerships to combat ransomware; our 2024 capacity-building panel for CRI members on information-sharing in the ransomware payment ecosystem; and the Blueprint for Ransomware Defense that was recently endorsed by the CRI.
This October, IST’s Steve Kelly, Elizabeth Vish, and Gigi Bustamante were honored to participate in the CRI’s fifth summit in Singapore, hosted by Cyber Security Agency of Singapore, as the final day of Singapore International Cyber Week. While we got a brief peek at the Gardens by the Bay and ate some delicious nasi malak, we spent most of our time deep in discussion on how to improve international and public-private collaboration against cybersecurity threats.
Exploring the Future of Cybersecurity
We started off the week on Tuesday with Elizabeth’s participation in a GovWare panel on “Framing the Cybersecurity Conversation: Reviews, Resets, and the Reveal of a Digital Hyperspace Bypass,” a session that explored how rapid advances in AI, data, and digital infrastructure are reshaping cybersecurity and governance. Elizabeth emphasized that cybersecurity is fundamentally about protecting the real-world benefits of a trusted digital ecosystem, from medical records to critical services, and highlighted the enduring importance of reliability and transparency as emerging technologies accelerate.
Putting Collaboration to the Test
On Wednesday, IST and the International Counter Ransomware Task Force (ICRTF)—a formal pillar within the CRI co-led by Australia and Lithuania—together convened a tabletop exercise bringing together CRI member states and private sector representatives. The exercise was moderated by Hamish Hansford, Head of National Security at the Australia Department of Home Affairs; Colin MacSween, Director General of National Cyber Security at Public Safety Canada; John DeBoer of BlackBerry; and Steve Kelly. The exercise used a realistic incident scenario involving a fictional ransomware actor, to identify areas for improved coordination to address and resolve threats, counter the use of virtual assets, and to bring perpetrators to account. It was clear by the discussions in the room—and the flurry of LinkedIn connections made—that the private sector is eager to contribute to the global fight against ransomware, and that efforts to overcome well-known barriers in that collaboration could make a big impact.
Co-Creating Public-Private Partnerships
On Thursday, IST facilitated a workshop on forming public-private partnerships (PPPs), in collaboration with the German Federal Office of Foreign Affairs and hosted by Ensign InfoSecurity at their Singapore headquarters. The session began with a panel discussion moderated by Steve and featuring Claudia Plattner, President of Germany’s Federal Office for Information Security (BSI); Lino Santos, Head of Portugal’s National Cybersecurity Centre; and Ismael Valenzuela, VP of Threat Research and Intelligence at Arctic Wolf. The panel explored practical approaches and challenges to building trust, and reflected on how PPPs differ across national and sectoral contexts.
Following the discussion, Elizabeth presented IST’s six-step framework for initiating PPPs to participating CRI members and private sector partners. Following the presentation, participants applied the framework to create and structure potential PPPs in their individual contexts. The workshop surfaced several compelling ideas, including partnerships to better leverage insurance to manage cyber risk, trust building within critical infrastructure, and managing endpoint device vulnerabilities.
Global Action in Motion
Culminating our week, IST held a seat at the 5th CRI Summit, participating substantively in discussions and outcomes. IST delivered a readout of both the tabletop exercise and the PPP workshop, underscoring the essential role of private sector engagement in strengthening global ransomware resilience.
Additionally, Public Safety Canada presented on the progress of the Public-Private Sector Advisory Panel (PSAP). The Summit featured the PSAP’s proposed Protocol for Engagement with private sector entities, which builds on IST’s research on public-private collaboration to combat ransomware and offers topline guidance on how CRI member states can effectively set up a public-private collaboration. There was a lot of enthusiasm in the room to move forward with global collaboration, and member states expressed the importance of sustaining this momentum in the year ahead.
We thank Public Safety Canada for their support and for shepherding the PSAP; the German Federal Foreign Office for their support for our capacity building efforts; the Singapore Cybersecurity Agency for hosting us at Singapore International Cyber Week, and to the Australian Department of Home Affairs for ongoing collaboration between the CRI and the PSAP. Most of all, we thank everyone who brings energy, talent, and commitment to the global fight against ransomware.
Looking ahead, we are eager to contribute to bring private sector insights and IST’s research-driven expertise to specific problems that the CRI is facing, through sharing lessons learned in the TTX and in the half-decade that IST has been facilitating the Ransomware Task Force. While we’ve made progress against ransomware, the CRI Steering Committee’s statement also points to the reality that ransomware actors continue to pose a threat to essential services, economic stability, and to organizations worldwide. Building on what we’ve learned, IST is committed to supporting this global effort in the year ahead.
