On November 11, the 5th Paris Peace Forum gathered leaders from the public and private sectors to discuss how we can work together in a world where we’re all “riding out the multi-crisis.” Split into five stages, four roundtable rooms, and multiple dedicated “spaces for solution” in a historic Parisian palace, the gathering was dazzling, and at least for me, a bit dizzying – the first really global multistakeholder gathering I’ve attended in the pandemic era. While Presidents Macron, Fernández, and Embaló were speaking about their commitment to multilateralism in the cavernous central atrium, I joined experts from across the cybersecurity community to discuss ways public-private partnerships can address the ransomware crisis. The panel discussion – which was kicked off by Craig Jones describing INTERPOL’s collaboration with the private sector – highlighted ways that we can learn lessons from past mistakes and the importance of sharing information more effectively.
By the end of the gathering, the Forum released a “Compendium of Transnational Public-Private Partnerships Against Ransomware” describing some of the most important globally and regionally-focused efforts to combat ransomware. The projects highlighted are primarily ransomware-specific, but they exist as part of a broader global effort to address cybercrime and improve cybersecurity. They include INTERPOL’s Gateway Framework, the Organization for American States Cybersecurity Program, the World Economic Forum’s Partnership Against Cybercrime, and the No More Ransom project.
While there may be some areas where new mechanisms could be beneficial, the Compendium makes it clear that there are significant efforts already underway to break down the barriers between key players in the fight against ransomware—efforts to bring together banks, government cybersecurity authorities, law enforcement, cybersecurity companies, and operators of critical infrastructure. Many of those existing efforts would substantially benefit from further attention, resources, and commitment from senior government officials and C-suite executives.
One example of an impressive existing multilateral effort to combat ransomware is the Forum for Incident Response and Security Team’s (FIRST) ransomware special interest group. As described by FIRST’s website, the group seeks to “foster collective action among the FIRST constituents, peer security organizations, and other groups who are focusing on the Ransomware Response, mitigation, remediation, investigation, and prevention.”
The ransomware special interest group is one of dozens that FIRST maintains to bring together cybersecurity professionals to exchange information. In collaboration with incident handlers and other cybersecurity teams, FIRST operates protocols that allow teams from across the globe – private, public, and non-profit – to exchange data at a technical level to reduce the frequency of cybersecurity incidents occurring, and to better recover when they do. Their work continues to evolve alongside the cybersecurity threat landscape, and as more teams across the globe join FIRST as members. Effective participation in FIRST requires trust building and regular collaboration, meaning that partners will see the best when they regularly contribute to the community – underscoring the importance of sustained engagement.
Working through this existing mechanism to more rapidly, effectively, and thoroughly share information would be a big step towards combating ransomware, as well as strengthening the global cybersecurity ecosystem more broadly. The Paris Peace Forum shined a light on critical efforts that often go unnoticed. For IST’s part, we look forward to continuing to build on what the global community of cyber experts has achieved thus far.
Photo credit: Krystal Kenney