At their recent summit, US President Joe Biden reportedly handed his Russian counterpart Vladimir Putin a list of certain critical infrastructure that should be "off-limits" to any kind of cyberattacks, including ransomware (opens in new tab).
Various media reports from the summit in Geneva suggested that the two leaders agreed that cybersecurity (opens in new tab) experts from both countries should hash out particulars of no-go targets.
“Another area we spent a great deal of time on was cyber and cybersecurity. I talked about the proposition that certain critical infrastructure should be off limits to attack — period — by cyber or any other means,” said President Biden in his post-summit press conference (opens in new tab).
- These are the best endpoint protection tools (opens in new tab)
- Check our list of the best firewall apps and services (opens in new tab)
- We’ve compiled a list of the best disaster recovery services (opens in new tab)
President Putin's response to the american proposal wasn't immediately clear. While he did bring up the topic of cyberattacks in the Russian press conference (opens in new tab) by saying that the two leaders had agreed to "begin consultations" on cybersecurity issues, Reuters claims (opens in new tab) the Russian leader didn’t refer to America’s proposal, or the handing over of the list.
Speaking to the media, President Biden didn’t list the exact areas that the leaders agreed to keep out of bounds, but did mention he handed over a list of 16 specific entities that the US considers as critical infrastructure.
Security experts have in the past raised concerns about the urgent need to update the legacy systems that run many of today’s critical infrastructure.
Their worst fears were realized last month in the form of a ransomware attack on Colonial Pipeline, which forced the shutdown (opens in new tab) of one of the major fuel pipelines in the country resulting in a brief fuel-crisis in parts of the country.
In response, the US has taken a number of steps in the form of setting up a ransomware taskforce and treating such cyberattacks with the same priority as a terrorist attack (opens in new tab).
In addition to shaping domestic policies, security experts called on their leaders to exert diplomatic pressure on Russia, since a majority of the ransomware operators and cybercriminals are thought to operate out of Russia or one of the other former Soviet states (opens in new tab).
Experts suggest Russia turns a blind eye to their activities as long as they don’t target victims within its borders. However, ZDNet (opens in new tab) reports that in a joint statement, leaders from the G7 countries have asked Russia to rein in the threat actors operating within its jurisdiction.
In light of the developments, the US-Russia summit was supposed to lead to some concrete actions. Experts remain skeptical that handing-over of a list of off-limit infrastructure would bring about any change.
"There's no indication at all that he [Putin] actually went along with it," Keir Giles, a Russia expert with the London-based Chatham House think tank told Reuters, adding that he felt there was nothing in President Putin’s public comments to suggest a change in the status-quo.
- Protect your devices with these best antivirus software (opens in new tab)