CENS Webinar “Making Ransomware Pay: Strategies for Taking Back Control”

Abstract

The recent Kaseya ransomware attacks brought together a formidable combination – a zero-day vulnerability, a supply chain hack and a ransomware encryption programme – that together crippled the delivery of critical and other essential services as well as affected the operations of up to an estimated 1,500 businesses. However, apart from efforts by governments and industry to patch vulnerabilities post-incident and mitigate effects, there appears to be still a relative paucity of effective measures to proactively address the increasingly complex ransomware threats that have arisen recently.  Aside from the debate of whether to pay or not to pay, there have also been increasingly strident calls for governments and industry to combine a strong defence while developing proactive policy, legislative and operational levers to address and mitigate the ransomware threat. At the same time, the intersection of government and business interests is an opportunity to enhance collaboration to better address and mitigate the effects of such attacks in future, including in information sharing, investigation, tracing of ransomware payments and where appropriate, the tracking down of the perpetrators.

This webinar will seek to discuss policy, legislative and operational options and avenues for public-private partnership that are available to –   and which can be developed by – governments and industry to proactively deal with increasingly sophisticated ransomware threats.

About the Panellists

Tom Millar has served in CISA for 10 years, working to strengthen the agency’s information sharing capabilities, increasing the level of public, private and international partner engagement, and supporting initiatives to improve information exchange by both humans and machines, such as the standardization of the Traffic Light Protocol and the development of the Structured Threat Information eXpression. Prior to his cybersecurity career, he served as a linguist with the 22nd Intelligence Squadron of the United States Air Force. Mr. Millar holds a Master’s of Science from the George    Washington University and is a Distinguished Graduate of the National Defense University’s College of Information and Cyberspace.

David Koh is the Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA) of Singapore. As a Commissioner, he has the legal authority to investigate cyber threats and incidents to ensure that essential services are not disrupted in the event of a cyber-attack. Concurrently, as Chief Executive of CSA, he leads Singapore’s efforts to provide dedicated and centralised oversight of national cyber security functions. These include enforcing the cybersecurity legislation, strategy and policy development, cyber security operations, ecosystem development, public outreach and international engagement. Prior to his current appointments, Mr Koh served in the SAF and held various command and staff appointments in MINDEF and the SAF. He previously held the positions of Deputy Secretary (Special Projects) and Defence Cyber Chief of MINDEF, where he was responsible for leading and coordinating cyber defence policy, capability development, and operations for Singapore’s defence cluster. Mr Koh has a Master’s degree in Public Administration from Harvard University, USA; and a Bachelor’s degree in Electrical and Electronics Engineering from King’s College, London, UK.

Rachael Falk is one of Australia’s leading Cyber Security experts. As Chief Executive officer of the Cyber Security Cooperative Research Centre, Rachael heads an innovative and dynamic program of collaboration between government, industry, and universities. The Centre delivers world-leading cyber security research, creating commercial solutions to the ever-evolving problems of our interconnected work. And, led by Rachael, the Centre is helping ensure Australia’s cyber security expertise, capability, and resilience into the future. Rachael was Telstra’s first General Manager of Cyber Influence and has a strong background in commercial law and cyber security, practising as a lawyer at top-tier firms and in-house for Telstra. She has also worked as cyber security consultant and is co-author of the Five Knows of Cyber Security, setting an industry standard for organisational cyber security best -practice. Rachael holds an Advanced Masters in National Security Policy (Hons) from the National Security College (ANU), Bachelor of Laws (Hons) (UTS) and Bachelor of Arts (ANU).

Stéphane Duguin is the Chief Executive Officer of the CyberPeace Institute. Stéphane Duguin has spent two decades analysing how technology is weaponized against vulnerable communities. In particular, he has investigated multiple instances of the use of disruptive technologies, such as AI, in the context of counter terrorism, cybercrime, cyberoperations, hybrid threats, and the online use of disinformation techniques. He leads the CyberPeace Institute with the aim of holding malicious actors to account for the harms they cause. His mission is to coordinate a collective response to decrease the frequency, impact, and scale of cyberattacks by sophisticated actors. Prior to this position, Stéphane Duguin was a senior manager and innovation coordinator at Europol. He led key operational projects to counter both cybercrime and online terrorism, such as the European Cybercrime Centre (EC3), the Europol Innovation Lab, and the European Internet Referral Unit (EU IRU). He is a thought leader in digital transformation and convergence of disruptive technologies. With his work published in major media, his expertise is regularly sought in high-level panels where he focuses on the implementation of innovative responses to counter new criminal models and large-scale abuse of cyberspace.