The US National Security Agency (NSA) is launching a new initiative called Red Ventures, aimed at addressing the growing competition from China in the technology sector. The initiative, spearheaded by the NSA’s China directorate, will establish an “innovation pipeline” to seek potential solutions to the challenges posed by China’s technological advancements.
During a recent webinar, David Frederick, the NSA’s assistant deputy director for China, highlighted the importance of tech competition between the US and China. He stated that some Chinese officials have referred to tech as “the main battlefield” between the two nations. Frederick emphasized that the goal of Red Ventures is to keep lawmakers informed about China’s tech advancements and its efforts to gain control of essential supply chains.
To tackle the “China problem,” the NSA will collaborate with the defense industrial base and technology partners. The initiative is set to begin within the next six months. This move is in line with the NSA’s previous focus on China, as NSA head Paul Nakasone announced the establishment of a “China Outcomes Group” last year to address the challenges posed by China under the Cyber Command and NSA umbrella.
In a separate development, the US Cybersecurity and Infrastructure Security Agency (CISA) held its Cybersecurity Advisory Committee (CSAC) meeting to discuss over one hundred cybersecurity recommendations. These recommendations aim to strengthen the nation’s cybersecurity defenses. Some of the proposals include implementing a national cybersecurity alert mechanism, defending against surveillance targeting high-risk communities, and increasing cybersecurity expertise on corporate boards of directors.
The call to increase cybersecurity expertise on corporate boards comes at a crucial time, as the Securities and Exchange Commission has recently introduced new cyber incident response rules. These rules require board members to receive adequate training on cybersecurity issues. Dave DeWalt, founder and CEO of investment firm NightDragon and the newly-elected vice chair of CSAC, highlighted the need for greater cybersecurity expertise on boards, stating that the progress in this area has been limited.
The recommendations discussed in the CSAC meeting will now be reviewed by Director Jen Easterly, and her comments will be posted on the agency’s website along with the approved recommendations.
Moreover, the US National Security Council (NSC) is reportedly urging members of the International Counter Ransomware Initiative (CRI) to commit to refusing ransom demands from cyber threat actors. The CRI, consisting of forty-seven member countries, is scheduled to hold its annual summit on October 31. The White House plans to draft a joint statement before the event commences, urging all members to refrain from paying ransoms.
Experts in the cybersecurity community have expressed support for the initiative. Allan Liska, a threat intelligence analyst at Recorded Future, emphasized that governments should set an example by never paying ransom demands. He argued that giving in to cybercriminals not only provides them with financial resources but also incentivizes future crimes.
Brett Callow, a threat analyst and ransomware expert at Emsisoft, agreed with the sentiment, stating that stopping the flow of cash into the ransomware ecosystem is crucial. While the CRI’s plan would not prevent the private sector from paying ransoms, Callow believes that every effort counts.
However, some experts have voiced skepticism about the effectiveness of the initiative. Marc Rogers, a white-hat hacker, pointed out that most ransomware attacks target small-to-medium-sized organizations and governments. He suggested that the focus should instead be on providing cyber defense support to these vulnerable targets and addressing cyber hygiene issues.
As the CRI’s annual summit approaches, the international community eagerly awaits the joint statement from member countries. The outcome of this initiative could have a significant impact on the fight against ransomware and potentially reshape international cybersecurity collaborations.