The document discusses Israel's strategies in preventing ransomware attacks, suggesting that lessons from military doctrine can be applied to cybersecurity. It advocates for a public-private security partnership, where companies commit not to pay ransoms and are financially backed by the government to deter cybercriminals. The author argues that by reducing payments to attackers, the motivation for ransomware crimes can be diminished, ultimately neutralizing a significant security threat.

1. THE BLOGS
Andy Blumenthal
Lessons From Israel In
Stopping Ransomware
(Source Photo: https://pixabay.com/illustrations/ransomware-cyber-crime-malware-2321110/)
ADVERTISEMENT

2. Israel is a small, but powerful nation that wants to stop attacks before they get
to their door, and indeed, their lives depend on that. We can learn from Israel’s
military doctrine of deterrence through overwhelming strength, unity, and
disincentivizing the attackers to inform other security issues, such as
ransomware attacks. I believe that the answer lies in a public-private security
partnership financially backed by the government.
Ransomware is a malicious cybercrime whereby attackers lock up the target’s
computer systems until they pay a ransom, typically in hard-to-trace cyber
currency, such as Bitcoin. These attacks are on the rise, resulting in an
estimated $20 billion in damages in 2021, a figure projected to reach $265
billion in ten years.
Just this last year, in May and June 2021, Colonial Pipeline, a major American oil
carrier, and JBS Foods, the world’s largest meat processor were attacked with
ransomware attacks, jeopardizing our food and oil supply. That is, until Colonial
paid $4.4 million and JBS paid $11 million to their cyber attackers. Ransomware
attacks are devastating to companies and nations because they paralyze
business operations and much needed outputs and services to citizens.
From a corporate perspective, I completely understand the pressure to resolve
the cyber-attack that holds their business operations at a costly standstill. I can
only imagine the customers, suppliers, and board of directors all screaming to
resolve the situation as quickly as possible.
From a broader national security and critical infrastructure perspective, these
attacks can be devastating to our nation when they strike our military industrial
base, energy, utilities, banking, transportation, food/water, etc. Imagine, no gas,
no lights, no ATM machines or credit cards, no phones, and so on. Moreover, for
companies that are coming to resolve the situation at the end of the game (i.e.,
once attacked), they are at a distinct disadvantage. At the same time, if they try
to plan all by themselves, they are out-schemed and out-gunned by cyber

3. attackers that are doing this day-in and day-out. Yet, the more we reward the
criminals or terrorists when they strike, the more incentive they have to keep
doing it.
This is a lesson that Israel learned many decades ago in suffering under an
endless barrage of terror attacks, which were perpetrated not only to inflict
painful injuries and deaths on the Israeli civilian population, but also to try to
force the Israeli government to negotiate and free terrorist leaders and those
with “blood on their hands” that were in Israel’s custody. However, because
rewarded terror begets more terror, Israel instituted a policy of not negotiating
with terrorists. This was a sound and strategic policy that was echoed by former
U.S. Presidents Richard Nixon and Ronald Reagan, as well as British Prime
Minister Margaret Thatcher.
If the terrorists can’t get what their after in terms of releasing their cohorts or
some other ransom perhaps like increasing their leverage in negotiations with
Israel for their own Palestinian State, then that takes away, in part, the
incentive for them to carry out the terror attack to begin with. Of course, in
Israel’s case, the terrorists are also theologically motivated to inflict the
maximum harm on Israelis because they don’t recognize Israel to begin with,
they want to drive the Jews into the sea, and they see their attacks as part of
some sort of warped religious war (or Jihad) whereby Islam and its adherents are
shown to be supreme.
Despite Israel’s policy of not negotiating with terrorists, they have at times
deemed it necessary to negotiate and give in to terrorist demands in order to get
what the public demanded, such in 2008 and 2011, when they gave up terrorists
in Israel’s prisons in order to secure the return of the bodies of two IDF soldiers
kidnapped at the Northern border, and for the return of Gilad Shalit taken
prisoner near Gaza in 2006. Similarly, with ransomware, we are human and we
can’t stand seeing our systems and organizations “locked up,” inoperable, and
our citizens being hurt by it.

4. With ransomware attacks, however, the crime is generally wholly financially-
driven, and therefore, if you dry up the payments to the attackers, you deplete
their motivation to ransom any systems to begin with. In other words: no
ransom, no ransomware!
How can we stop the payments of ransom by companies that are in a terrorist’s
cyber stranglehold? I have a notional approach that I think could be a
framework for addressing this vital security issue. The two key elements are a
public-private security partnership and a government financial backstop.
Companies Join Public-Private Partnership
First, companies voluntarily join a public-private security partnership in which
they adhere to higher security standards and oversight as well as pledge not to
pay ransomware. Additionally, these companies are placed on a public list and
given a badge or seal of approval/logo like Brink’s Home Security or ADT to
display that indicates they are “fortified,” and in this case, that they won’t pay
any ransom, and are backed by the government. An example of the voluntary
higher security standards is what happened after 9-11, when companies
shipping goods signed up for the Customs Trade Partnership Against Terrorism
(CTPAT) to facilitate the safe flow of cargo to the U.S. in a time when everyone
feared weapons of mass destruction being smuggled in.
ADVERTISEMENT

5. ABOUT THE AUTHOR
Andy Blumenthal is a business and technology leader who writes frequently about Jewish life,
culture, and security. All opinions are his own.
Government Backstops Any Costs
Second, the government provides an incentive for companies to participate in
the public-private partnership and not to pay ransomware. The incentive
provided is that the companies are backstopped (insured) by the government in
the event of a ransomware attack to them. This is similar to ransomware
insurance, but the difference is that the cost to companies would be a fraction of
what they would otherwise have to pay. The benefit to the taxpayer is that the
market for ransomware dries up with companies that have pledged not to pay.
As the program become universal, there is no one left for the ransomware
attackers to target.
In short, as long as ransomware is a lucrative endeavor with little to no risk to
the cyber attackers who stealthily get away with their cryptocurrency payments
then the ransomware attacks will not only continue but increase as a threat to
our companies and nations. However, once we say—like Israel and other world
democracies—that “we will not negotiate with terrorists”—and we back this up
by a government financial guarantee then a major and growing security threat
can be finally neutralized.