Cybersecurity experts have been poring over the transcripts from Wednesday's news conferences in Geneva to determine whether the U.S.-Russia summit will produce real progress in halting a wave of high-profile ransomware attacks. For most, the answer is: It's too soon to tell.
In the run-up to the meeting between President Joe Biden and Russian President Vladimir Putin, cyberattacks for ransom emanating from Russia emerged as a critical national security issue for the United States.
Concern over Russia's purported role in these attacks grew after ransomware criminals believed to be based in Russia breached the computer networks of Colonial Pipeline — the largest pipeline system for refined oil products in the U.S. — and beef processing giant JBS last month.
Biden vowed to confront Putin over ransomware. But while no breakthrough over cybersecurity emerged from the summit, the two leaders agreed to start consultations over the issue.
Experts from the two countries will be tasked to work on "specific understandings of what's off-limits" and to follow up on cyberattacks that originate in either country, Biden said.
What that will entail remains to be seen, but cybersecurity experts say the talks will likely be conducted by working groups composed of low-level officials from across the Biden administration and their Russian counterparts.
The president said he handed Putin a list of 16 sectors such as energy and water services that the U.S. insists are out of bounds to attacks. These were designated as critical infrastructure sectors under a 2013 presidential directive.
"I talked about the proposition that certain critical infrastructure should be off-limits to attack, period — by cyber or any other means," Biden told reporters.
In addition to energy and water systems, the list includes information technology, health care and public health, and food and agriculture — all of which have been the targets of cyberattacks in recent years.
No cybercriminal swaps
Ahead of the summit, Putin suggested swapping wanted hackers with the U.S. Biden initially responded by saying he was "open" to the idea, but the White House later clarified that the president merely suggested that cybercriminals should be held accountable in both countries.
Biden and Putin did not say whether they discussed the criminal exchange idea, and it remains unclear how the two sides will cooperate over cybersecurity attacks originating in either country but not directly involving the government.
Speaking at a separate press conference after meeting with Biden, Putin claimed Russia had provided "exhaustive" answers to U.S. requests for information on 10 separate cybersecurity attacks but had not "received a single answer" to its 45 queries to the U.S.
John Demers, the outgoing head of the Justice Department's national security division, said that while the U.S. has in the past asked Russia for information on cybercriminals, it has all but given up on seeking cooperation.
"I think we've reached the stage today where there's very little point in doing so," Demers said at an event Tuesday sponsored by public sector media company CyberScoop.
Biden said Russia will be judged by its actions.
"Of course, the principle is one thing," the president said. "It has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory."
U.S. cyber offensive capability
Biden said that while he issued no threats during the roughly three-hour meeting, he made it clear there will be consequences for Russian actions, telling Putin, "If you do that, then we'll do this."
In recent years, the U.S. has significantly bolstered its offensive cyber capabilities. The United States Cyber Command is tasked with carrying out cyberspace operations against malicious foreign actors. As part of an offensive cyber operation, Cyber Command can block a target's internet access, destroy its databases or take down the group's entire computer network.
"I pointed out to him we have significant cyber capability, and he knows it," Biden said of Putin. "He doesn't know exactly what it is, but it's significant."
Last year, Cyber Command, along with the National Security Agency, reportedly carried out a cyber operation against hackers working for Iran's Islamic Revolutionary Guard Corps after they sent threatening emails to U.S. voters to undermine confidence in the November presidential elections.