Virtual Library

Our virtual library is an online repository of all of the reports, papers, and briefings that IST has produced, as well as works that have influenced our thinking.

Submit your Content

Reports

Unlocking U.S. Technological Competitiveness: Proposing Solutions to Public-Private Misalignments

Ben Purser, Pavneet Singh

viewpdf

Articles

The Phone-a-Friend Option: Use Cases for a U.S.-U.K.-French Crisis Communication Channel

Daniil Zhukov

viewpdf

Articles

China: Nuclear Crisis Communications and Risk Reduction

Dr. Tong Zhao

viewpdf

Articles

Use-Cases of Resilient Nuclear Crisis Communications: A View from Russia

Dmitry Stefanovich

viewpdf

Articles

Pakistan: Mitigating Nuclear Risks Through Crisis Communications

Dr. Rabia Akhtar

viewpdf

Articles

Resilient Nuclear Crisis Communications: India’s Experience

Dr. Manpreet Sethi

viewpdf

Reports

A Lifecycle Approach to AI Risk Reduction: Tackling the Risk of Malicious Use Amid Implications of Openness

Louie Kangeter

viewpdf

Contribute to our Library!

We also welcome additional suggestions from readers, and will consider adding further resources as so much of our work has come through crowd-sourced collaboration already. If, for any chance you are an author whose work is listed here and you do not wish it to be listed in our repository, please, let us know.

SUBMIT CONTENT

Public Private Partnerships to Combat Ransomware: An inquiry into three case studies and best practices

Elizabeth Vish, Georgeanela Flores Bustamante

SUMMARY

This research report examines three existing public-private partnerships to combat ransomware: Europol’s European Cybercrime Centre (EC3), the United States Joint Cyber Defense Collaborative (JCDC), and the Institute for Security and Technology’s Ransomware Task Force (RTF). In selecting these cases, our goal was to highlight three separate elements of the effort to combat ransomware: criminally focused prosecution and disruption, operational collaboration, and policy measures. Additionally, each model is in different stages of development, with EC3 operating for a decade, and the RTF and the JCDC having launched in late-2020 and 2021 respectively.

This report utilizes these case studies to determine the characteristics of collaboration that make the partnership model successful in mitigating ransomware, as well as identifying the various challenges each faces. Therefore, our main guiding research questions included: 

  • How do these specific public-private partnerships to combat ransomware operate?
  • What principles underlie existing partnerships that can be applied to other contexts and applications?

Case-Specific Research Findings

EC3

Our research into EC3 reveals four formal means of collaboration with the private sector. These include formal information sharing agreements, sector-specific advisory groups, the No More Ransom Project, and joint trainings on issues like open-source intelligence. EC3 excels at engaging industry partners, who commit valuable resources and actively participate in the partnership. We attribute this success to the EC3 staff’s understanding of the importance of fostering relationships at the individual level and gradually building a trusted network. However, the EC3’s success in fostering partnership may not be replicable across contexts. One significant insight from this case study is that the EC3 relies on substantial resources, including funding and personnel from EU member states, to execute both regional and, at times, global cybercrime investigations. A critical resource that makes EC3 successful is the participation of law enforcement personnel with deep understanding of cybercrime investigation—something achieved through drawing from Europol’s member states. Through a robust collaboration process and the allocation of substantial resources and personnel, Europol achieves excellent results in its cybercrime collaboration with the private sector.

JCDC

JCDC, situated within the U.S. Cybersecurity and Infrastructure Security Agency (CISA), actively organizes coordination efforts across three core areas: products, planning for response and recovery from cyber incidents, and operational collaboration. This report identifies five ways JCDC engages with the private sector, including: formal information sharing agreements, conducting analytic exchanges, coordinating on cyber threat alerts and advisory development, forming actor-specific action groups, and utilizing communication channels such as Slack for real-time information sharing. Two key aspects contributing to JCDC’s effectiveness are that CISA leadership recognizes that the private sector holds valuable information about ransomware/cyber threats and acknowledges the vital need for this partnership. However, JCDC grapples with bureaucratic and institutional challenges within the U.S. government’s multifaceted approach to cybersecurity collaboration, leading to potential confusion among JCDC participants and hampering information sharing and coordination efforts.

RTF

The RTF, a coalition-led collaboration, distinguishes itself from our other two case studies by being led by a civil society organization. Key collaborative elements involve the RTF’s steering committee and co-chairs representing civil society, the technical community, and for-profit organizations. Additionally, the RTF utilizes various lines of effort, including working groups, to address specific issues within the ransomware ecosystem. The collaboration’s success is attributed to the RTF’s ability to provide clear and focused policy recommendations, leveraging the expertise of its leaders with a range of current and prior experience in policy making across the public and private sectors. With a strong understanding of government processes, the RTF’s members frame policy suggestions in a manner conducive to government responsiveness. A challenge to replicating the RTF success, however, is the integral role that civil society actors played. The RTF relies on the organizing capacity of civil society and volunteerism, drawing on a philanthropic culture within the United States that may not apply in all national contexts.

Best Practices and Practical Recommendations

This report articulates global best practices and lessons learned from our case studies into four key themes. We highlight that successful public-private partnerships to combat ransomware should:
» Include a relevant and tailored range of stakeholders
» Catalyze effective information sharing
» Build trust through clear expectations and person-to-person collaboration
» Learn to navigate practical hurdles within the partnership

As a guide for future initiatives, this report concludes with a brief step-by-step guide on how to establish a partnership to mitigate ransomware and other cyber threats. The steps are:

  1. Define the goals of the collaboration
  2. Identify key stakeholders and gauge their interest
  3. Establish the ground rules for the partnership
  4. Start with trust-building practices
  5. Look for opportunities to achieve progress
  6. Continue to refine the protocols, convening methods, and the overall structure/goals of the partnership as needed
download pdf