Over the past several weeks, many Americans have become intimately familiar with the national security threat of ransomware. The Colonial Pipeline hack knocked out a major pipeline that supplies fuel to nearly half of the East Coast, sparking panic-buying across the country, and the JBS hack brought down the world's largest meat supplier, driving up meat prices.
This was a wake-up call for many Americans -- if our gas stations and grocery stores aren't safe from international cybergangs, what else is vulnerable? How much worse can these ransomware attacks get?
The answer -- much worse. And it comes with potentially deadly consequences. What if the next target is a natural gas pipeline in the dead of winter? Or hackers manage to infiltrate our electrical grid or threaten our water supply?
Cyberexperts estimate that the US suffered 65,000 ransomware attacks last year. FBI Director Chris Wray compared the recent spate of ransomware attacks to 9/11, and the Justice Department is now elevating the investigation of ransomware to the level of terrorism.
According to statements by US officials, the criminals who targeted Colonial Pipeline and JBS are likely operating from inside Russia (Editor's Note: The Kremlin has denied any responsibility). Ultimately, President Vladimir Putin needs to be held responsible, since we know that nothing significant happens in Russia without the former KGB officer's knowledge.
As such, President Joe Biden must use Wednesday's summit with Putin to confront this dire national security challenge head-on by making ransomware a priority item on his agenda. Biden must make it clear to Putin that responsible states do not allow criminal gangs to operate freely from their soil.
International law is unambiguous -- nations have a responsibility to police the criminal hackers using their networks. At best, Putin and his cronies continue to willfully turn a blind eye to these attacks. At worst, these ransomware gangs operate with the explicit blessing of the Kremlin. Either is unacceptable.
Biden's message must be simple and straightforward. If cybercriminals continue to extort our schools, hospitals, food supply chains and energy systems, we will find them. And if countries continue to shelter rogue hackers, they will pay the price.
These hacks cannot become our new normal.
If Putin does not take decisive action to stop these ransomware attacks immediately, Biden must lay out the concrete steps the United States and our allies are prepared to take in response, such as shutting off access to the international financial system for Russian companies that facilitate ransomware. After all, Russian cybercriminals rely on Russian financiers, Russian telecommunications companies and Russian IT firms to carry out their campaigns of destruction.
The United States must lead an effort in close coordination with our allies to update -- and enforce -- norms in cyberspace, including a norm against letting one's territory and infrastructure be used to conduct criminal activity.
We are at our strongest when we work in concert with our allies. To begin shifting the Russians' calculus, Biden should rally a coalition of like-minded states, who seek to shape international behavior in cyberspace, deny benefits to cybercriminals and impose costs on the states that host them. The G7's Carbis Bay Communique, which specifically called on Russia "to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks," is a good start, but we need to start hitting back to show Putin that we mean business.
We are working to empower the State Department to fulfill this vision by passing the Cyber Diplomacy Act to create a US cyber ambassador to restore our leadership on the world stage. Only with a broad, far reaching international coalition can we put an end to these devastating crimes against our homeland.
Biden has a historic opportunity this week to take a stand against the hackers that continue to torment our nation. We need to address the ransomware crisis before it's too late.
Our national security depends on it.