Session
Classroom
Duration (minutes): 60
Format description: This session format will allow for discussion among the members of the CRI that are leading Open Forum and invite questions from others.
The Counter Ransomware Initiative (CRI) has more than 60 countries, regional organizations, and international organizations as members all working toward the same goal - building our collective resilience to ransomware. Ransomware is one of the most prolific cyber threats we face today. and it impacts our schools, hospitals, governments, and other critical infrastructure. CRI is a coalition focused on cooperating internationally to address the ransomware threat and develop policies and mechanisms that reduce the incentives of that reduce the incentives of ransomware.
The Open Forum session will include a moderator and speakers representing the different workstreams in the CRI.
The forum’s agenda will include:
- Overview of ransomware as a malicious cyber threat
- CRI Overview and CRI Worksteams
- Questions
States will be able to learn how to join CRI, if interested. Private Sector and Civil Society are invited to learn more about CRI and opportunities to engage with the initiative.
We will have an assigned online moderator to ensure interaction between onsite and online speakers. To ensure the best experience for online and onsite participants, we will ensure participants introduce themselves and/or have name cards, and the moderator will keep time so there is an opportunity for questions at the end. We will also reserve time for questions from online attendees, with the in-person moderator noting any questions and reading them on the mic.
U.S. Department of State, Bureau for Cyberspace and Digital Policy
Moderators:
Jennifer Bachus, United States Department of State, Host of Open Forum and In Person Moderator
Margaux Courteille, United States Department of State, Rapporteur
Dan Haney and Madeline Libbey United States Department of State, Online Moderators
Panelists:
Onyinye Daniel ONYEKPEZE Nigeria National Cybersecurity Coordination Center (NCCC) Office of the National Security Adviser (ONSA)
Nils Steinhoff, German Ministry of Foreign Affairs, KS-CA-3
Elizabeth Vish, Institute for Security and Technology
Jennifer Bachus
Dan Haney
Margaux Courteille
9. Industry, Innovation and Infrastructure
17. Partnerships for the Goals
Targets: The Open Forum on CRI is linked to the SDG on industry, innovation and infrastructure through its multistakeholder approach, recognizing industry play a critical role in reducing the threat and impact. Part of the work with the private sector includes developing reliable, sustainable and resilient ICT infrastructure. Additionally, innovation of technological tools will assist in the reduction of ransomware. The Open Forum also exemplifies how to partner together for a common goal, enhancing international cooperation on and access to technology and innovation, which aligns with Partnerships for the Goals. It also promotes knowledge sharing and improved coordination on a shared threat.
Report
1. Ransomware is an ongoing problem that causes economic harm while also threatening public peace and security.
2. Ransomware is a problem for all countries, and the threat of ransomware is particularly acute in countries that may lack the resources to promote adequate defenses.
3. International cooperation is critical to addressing ransomware given the global nature of the threat, and the International Counter Ransomware Initiative (CRI) is a global coalition of governments and organizations working together to build collective resilience to ransomware.
1. States interested in joining the CRI's efforts to build resilience to ransomware can contact the CRI Diplomacy and Capacity Building Pillar co-chairs Germany and Nigeria.
2. The public and private sector should work together with mutual respect for their respective expertise and abilities to build resilience against ransomware threat actors. Stakeholders interested in addressing the ransomware threat must work together to tackle the problem in a holistic way by disrupting the criminal ecosystem that supports ransomware.
On December 16, the United States hosted an open forum panel discussion on the Counter Ransomware Initiative (CRI) at the 2024 Internet Governance Forum in Riyadh. Panelists included representatives of CRI Diplomacy and Capacity Building Pillar co-chairs Germany and Nigeria, and the Institute for Security and Technology (IST).
The discussion firstly focused on the global nature of ransomware threats. Nils Steinhoff of the German Federal Foreign Office gave a presentation of the ransomware threat and explained its different forms and its destabilizing effects. He explained how ransomware can now affect every citizen in the world, especially when it targets public infrastructure like hospitals or water services. IST Senior Director Elizabeth Vish then gave an overview of the ransomware state of play and its potential evolution in the future. She highlighted the importance of prevention and the work of the Ransomware Task Force at IST to raise awareness, including through IST’s 2023 Blueprint for Ransomware Defense.
The discussion then highlighted the need for international cooperation to address the ransomware threat. Daniel Onyinye, from the Office of the National Security Adviser from Nigeria, explained that the CRI was created in 2021 with the goals to reinforce international cooperation, find proactive solutions and put new mechanisms in place. Nils Steinhoff then outlined CRI’s four pillars, emphasizing that the partnerships model encourages a holistic approach to tackle ransomware by disrupting criminal ecosystems. He explained that the CRI focuses on not only targeting the actors but also attacking the profitability of the system. Steinhoff highlighted the multistakeholder and multiagency nature of the CRI, including specific initiatives like information sharing platforms developed within the International Counter Ransomware Task Force (ICRTF). Panelists discussed the Policy Pillar's broad scope and the DCB Pillar's role in helping new members join the CRI.
The panelists then gave examples of CRI efforts to build resilience. Onyinye presented platforms and portals to help CRI members report incidents and seek time-sensitive responses and assistance from other members. He explained the ICRTF promotes resilience-building mechanisms such as Crystal Ball and the Malware Information Sharing Platform (MISP), which facilitate sharing indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) of ransomware threats. Vish also highlighted the importance of public/private sector partnerships within the CRI, including through the newly created Public-Private Advisory Network to bring together experts and provide insights on how to better tackle ransomware. This new public-private working group will be important in leveraging the private sector's capabilities to detect threats early and support critical infrastructure.
Participants asked about the information-sharing platforms available to CRI members, as well as the process for joining the coalition, and the importance of public/private sector partnerships and coordination to tackle ransomware.