US cyber expert backs ransomware notice scheme

Joseph Brookes
Senior Reporter

A renowned US cybersecurity expert has put weight behind calls for a mandatory ransomware payment notification scheme in Australia and said Australia’s election administration system should be considered critical infrastructure.

Cybersecurity expert and former United States Cybersecurity and Infrastructure Security Agency chief Chris Krebs appeared at a Parliamentary Joint Committee on Intelligence and Security on Friday, where he backed calls for organisations being required to report to authorities when they have made a ransomware payment.

Mr Krebs said a notification scheme would help authorities understand the scale of the problem and collect valuable intelligence on incidents.

“We have to get to the denominator of ransomware attacks, and the easiest way to do that is to require ransomware victims to make a notification to the government…if you’re going to be engaging [in a] transaction with a ransomware group, that needs to be notified,” Mr Krebs told the inquiry, which is reviewing current and proposed critical infrastructure legislation.

“The second [reason] is if you’re going to make the payment we also want to make sure the information, specifically the wallet to which the ransomware payment is going, can be tracked by law enforcement and intelligence officials to light up the economy.”

Former US Cybersecurity chief Chris Kreb. Image: Department of Homeland Security/Tara Molle

Last month, shadow assistant minister for cyber security Tim Watts introduced a private members’ bill which would establish a notification scheme, and called on the government to urgently support it following a spate of ransomware attacks around the world.

Home Affairs Minister Karen Andrews told a business event shortly after that the government is “open to exploring” a mandatory reporting scheme but added it must follow an increased awareness of the problem.

The Department of Home Affairs is reportedly considering a notification scheme, with secretary Mike Pezzullo saying he believes it is “likely” one would be rolled out soon.

Following Mr Krebs evidence on Friday, Labor’s Mr Watts issued a statement calling for the government to urgently list his bill for debate when Parliament returns in August.

“The Minister said when taking on the role in March cyber security was a ‘priority’ for her. It’s time we saw some real action,” Mr Watts said.

“Ransomware is completely out of control in 2021. There has been an onslaught of attacks that threaten Australian jobs including JBS Foods, our biggest meat producer, the Nine Network, and multiple hospitals.”

The US expert also called for Australia to consider election administration as critical infrastructure. Mr Kerbs was fired by the-US President Donald Trump in 2020 for refuting his claims the 2020 presidential election was fraudulent.

“I think there are elements of the election administration function that should absolutely be considered critical infrastructure, and that is the administration element,” he said.

“That’s the systems, the machines, the counting process, the protocols around it — I think it’s, at least in the US, a step too far to call the political parties themselves as part of the infrastructure, but they do have certainly a contribution and a piece involvement.”

The PJCIS is currently considering legislation which would see more Australian sectors considered “critical infrastructure”, including communications and data storage and processing.

Mr Krebs said bad actors have been effective in disrupting elections with disinformation campaigns and “perception hacks”.

“Those are the more pervasive, much harder to debunk, because there’s an asymmetry of the adversary,” he said.

“Even if it’s domestic, it’s still an adversary, in this case, [a] domestic actor that is trying to undermine confidence in the process for their own outcomes.”

Do you know more? Contact James Riley via Email.

Leave a Comment