Intervention or Cooperation?

As the ransomware threat spreads worldwide, there remains debate around how to best leverage all the government’s tools. The military has more capacity and resources, especially to launch offensive operations, while law enforcement has more tools for prosecution and international coordination. Leveraging the two is critical to successfully counter the spread of ransomware, as modeled by the takedown of the REvil ransomware group.

The following readings provide background on the capacity of the military and the allocation of  resources to other elements of the U.S. government ahead of IST’s December 15, 2021 event, “Intervention or Cooperation? The Roles for Military and Law Enforcement in Combating Ransomware.” For more, or to get in touch with the author, write andrew@securityandtechnology.org.

Summary: DoD Cyber Strategy 2018 [pdf]
Dept. of Defense
September 2018

The DoD Cyber Strategy from 2018 represents the most recently published strategy document guiding the development of cyber military forces. The strategy document advocates for a three-fold mission to defend forward, shape the day-to-day competition, and prepare for war by building a more lethal force, expanding alliances and partnerships, reforming the Department, and cultivating talent, while actively competing against and deterring our competitors.

SolarWinds Is Bad, but Retreat From Defend Forward Would Be Worse
Gary Corn
Lawfare
January 2021 

In the wake of the SolarWinds attack, author Gary Corn highlights the critiques against the 2018 DoD Cyber Strategy and argues that Cyber Command and other DoD cyber entities need to continue to pursue defend forward and persistent engagement strategies. Corn argues that these two strategies are vital components of a long-overdue shift to a more proactive security posture in cyberspace. 

What Is Cyber Command’s Role in Combating Ransomware?
Erica D. Borghard, Lauren Zabierek
Lawfare
August 2021

Authors Erica Borghard and Lauren Zabierek argue that the failure to consider how to integrate military efforts and cyber forces into counter-ransomware missions risks repeating similar blunders made in response to previous policy challenges, like terrorism. Though law enforcement is an important part of countering ransomware, Cyber Command needs clearly defined roles, responsibilities, and resources.

REvil Is Down—For Now
Dmitri Alperovitch, Ian Ward
Lawfare
November 2021 

Authors Alperovitch and Ward argue that the successful takedown of REvil comes as the result of a comprehensive law enforcement and Cyber Command operation. Cyber Command launched offensive operations alongside a foreign government that collected intelligence and infiltrated REvil networks. International law enforcement, working with United States and foreign partners, then unleashed a slew of indictments, sanctions, and arrests against members of REvil, prompting the group to go offline.

On Ransomware, Cyber Command Should Take a Backseat
Gavin Wilde
Just Security
November 2021

To confront the spread of ransomware, author Gavin Wilde argues that Cyber Command certainly has an important role, but more focus should be placed on increasing the cyber capacity of other organizations, like CISA, FBI, DOJ, Treasury, and State. Wilde argues that Cyber Command has many of the resources and capabilities it needs, while other organizations in the government struggle with adequate funding and resources to counter the spread of ransomware.