The federal government has acknowledged the work of an international Ransomware Task Force that included the RCMP’s participation, but it remains silent about what specific recommendations it’s following or considering.
“We are grateful for the work of the Task Force, its report, and its advice on how to confront the global challenge posed by the spread of ransomware,” James Cudmore, director of communications for Public Safety Minister Bill Blair, said in an email. “Our government takes these issues very seriously.”
He also noted the ongoing work being done to fight ransomware by the Canadian Centre for Cyber Security, the RCMP, and Public Safety Canada.
His email was in response to several queries to the government on its reaction to the April 29 report of the task force, an effort by the U.S.-based Institute for Security and Technology in partnership with 60 cybersecurity experts from industry, government, law enforcement and civil society. Among them were the RCMP’s National Cybercrime Co-ordination Unit (NC3), the U.K.’s National Cyber Security Centre (NCSC) and the U.K.’s National Crime Agency (NCA).
The earlier response from Public Safety noted:
- A ransomware webinar delivered in April by Public Safety Canada, the RCMP, the federal Canadian Cyber Security Centre and Microsoft Canada to 125 critical infrastructure stakeholders “to raise awareness of the threats posed by ransomware and the potential mitigation measures that organizations can implement to strengthen their resilience.”
- Two government-backed table-top exercises held in March for 500 critical infrastructure organizations to examine the response to a ransomware attack, “with a focus on strengthening collaboration between government and private sector organizations.”
- Also in April, as part of a virtual meeting with security cabinet ministers of the Five Eyes intelligence co-operative, Public Safety Minister Blair signed a joint statement vowing the countries will work to fight ransomware by sharing lessons learned and working with the private sector. (The Five Eyes include the U.S., the U.K., New Zealand and Australia).
Ransomware “can be used with criminal intent, but is also a threat to national security,” the joint April 8 statement said.
Declaring ransomware a national threat is one of the recommendations the Ransomware Task Force urged all countries to adopt. The joint statement also condemned cyber threat actors for attacking public health institutions.
Years ago, Ottawa identified 10 critical infrastructure sectors in Canada including water, energy, food, manufacturing, telecommunications, transportation, healthcare, banking, public safety and government.
“The Government of Canada recognizes that ransomware is a growing threat to Canadians and Canadian businesses,” the response from Public Safety Canada to the IT World Canada query said.
“Public Safety Canada continues to work alongside its interdepartmental partners and in consultation with public and private sectors to develop innovative policy solutions that bolster existing frameworks to deny, deter and prevent malicious cyberattacks, including ransomware attacks. The Government also works closely with the international community to develop recommendations that enhance resiliency and responsiveness to ransomware attacks.”
As for the RCMP’s participation in the Ransomware Task Force, a statement from the Mounties said experts from its National Cybercrime Coordination Unit (NC3) provided information and guidance to the task force. It notes the task force included an interdisciplinary group of leaders from private, public and non-profit sectors who came together to develop a comprehensive framework of actionable solutions with respect to ransomware.
“Combating cybercrime, such as ransomware, is a shared responsibility amongst Canadian law enforcement, in addition to other federal partners and private sector,” the statement said. “The RCMP works closely with law enforcement partners, federal partners and industry to combat ransomware and other cyber threats impacting Canada. Key law enforcement activities include cybercrime investigations and other operational measures to disrupt cybercrime, and working with partners to educate the public about ransomware and other cyber threats in order to prevent and reduce victimization.”
The Ransomware Task Force urges governments to do the following:
- Take coordinated, international diplomatic and law enforcement efforts to prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- Have a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign. In the U.S. it would be coordinated by the White House and include establishing 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
- Establish cyber response and recovery funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments, and require organizations to consider alternatives before making payments.
- Develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
- More closely regulate cryptocurrency, including requiring cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including local Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.