The International Counter Ransomware Initiative (CRI), which first launched with 31 participating countries in 2021, is now nearing 70 international members that are committed to reducing the risk of ransomware attacks globally.
Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, said on Tuesday that she is “deeply appreciative” of the growth of the CRI and the role that the 68 countries have played to drive its work in countering ransomware.
“When the White House launched the Counter Ransomware Initiative in October of 2021, it was driven by a recognition that when we looked at ransomware, it was the fundamental example of cyberattacks that cross every border,” Neuberger said on Sept. 3 at the Billington CyberSecurity Summit in D.C.
“You could have individuals in one set of countries using infrastructure in another set of countries to conduct attacks on hospitals and water systems and companies and governments in a whole additional set of countries,” she continued. “So, fundamentally, we needed to bring together as many partners as we could around the world to tackle the problem together.”
Neuberger said the White House’s fourth annual CRI meeting will be held at the end of the month in Washington with its 68 member countries.
Representatives from some of the CRI’s founding member countries joined the summit event on Tuesday to discuss the growth of the group, as well as the secrets to its success.
Chris Gower, the senior representative for Australia’s Department of Home Affairs in the Americas Region, said that while 68 countries might seem like a lot to coordinate, the CRI is able to circumvent treaties and regulations that might otherwise “slow things down quite a bit.”
“I think one of the reasons the CRI has been successful is because we’ve managed to avoid all of that. It’s remained an incredibly agile organization,” Gower said.
“We do have the three pillars around policy, diplomacy, and capacity building, and then the more operational arm, but we’ve managed to keep it quite informal, [the] removal of those structures so that if a member has a good idea, if they see an opportunity where we can actually make a difference, we don’t need to go through a years-long process of negotiating text and taking it to a committee and a vote and all that sort of thing,” he added. “We can move quite quickly and adjust, which is exactly why the CRI was stood up.”
Gower said that he hopes the CRI will continue to grow past 68 members and get the private sector involved as well. Nevertheless, his message to those looking to get involved is that the CRI “is not a long, bureaucratic-driven process. This is an action-orientated, outcomes-focused group.”
Felicity Oswald, the chief operating officer at the U.K.’s National Cyber Security Centre (NCSC), explained that the U.K. helped to lead the effort last fall in which the CRI member countries signed a policy statement pledging that their governments will not pay ransom demands to cybercriminals. At the time of the pledge, the CRI had nearly 50 members.
“One country moving individually can only make so much difference, but actually, the number of countries across the globe … making that statement together has an impact on the adversaries that we’re challenged by,” Oswald said. “That’s really important and gives us a foundation to build other strong commitments in the future.”