Effective and timely information sharing is a crucial component to building operational collaboration across the public and private sectors, with the ultimate goal of mitigating cyber incidents and disrupting threat actors. In 2024, IBM found that ransomware victims who engaged with law enforcement reduced breach costs by nearly $1 million USD on average. Even limited information sharing can help shorten breach lifecycles, reducing both costs and downtime for companies. Private companies have also played crucial roles in recent law enforcement disruptions of cyber criminal groups, from alerting authorities about malicious activity to shutting down threat actor infrastructure.
Through a partnership with Europol, the Institute for Security and Technology (IST) and the Ransomware Task Force’s (RTF) International Engagement Working Group led the design and delivery of Exercise VEIL STORM, a tabletop exercise (TTX) focused on operational coordination across international law enforcement agencies and private sector firms in responding to cyber incidents. This report summarizes the proceedings and findings of that tabletop exercise, which took place at the Europol Headquarters in The Hague on the margins of the 2024 Europol Cybercrime Conference.
The Exercise VEIL STORM tabletop exercise generated valuable takeaways for enhancing operational collaboration and information sharing, as well as a series of recommendations for possible action:
- Clarify Existing Processes
- Joint exercises can be leveraged to create more opportunities for organizations to work together.
- In an era of geopolitical uncertainty, bilateral and multilateral mechanisms for collaboration are more important than ever.
- Empower People
- Work to empower the proper emissaries for creating relationships between private companies and law enforcement.
- Build on existing efforts, such as the NCFTA, the RTF, ISACs, and the Cybercrime Atlas.
- Create New Mechanisms
- Explore cyber insurance as a new lever to encourage information sharing.
- Examine the effects of sanctioning entities that facilitate money-laundering operations on curtailing crime.
- Consider introducing private sector partners into international law enforcement operations to improve communication and build relationships.
- Create opportunities for private sector actors to develop close relationships with, and understanding of, law enforcement priorities and structures.
- Build a framework for ransomware disruption that allows for contributions from both law enforcement and private companies.
