Comment by arrosenberg

5 years ago

The way you have laid out this problem makes it seem similar to the naval piracy issue in the Age of Exploration. You have small, untraceable actors launching both ad-hoc and privateer-style attacks on large national and corporate entities.

Everything you suggested seems valid, and as you pointed out both the carrot and the stick are needed. The European powers enlarged their navies to absorb the surplus of unemployed sailors and used the enlarged navies to hunt the remaining pirates. British naval dominance (followed by American naval dominance) is what makes naval piracy comparatively rare today. I reckon a similar strategy would work digitally (put the best talent in golden handcuffs and hunt down the rest), but I'm not sure anyone has the resources, political will and the national interest right now.

> but I'm not sure anyone has the resources, political will and the national interest right now.

Well, this will change if/when ransomware attacks become a big enough issue to noticeably impact the economy, health care, or something else that politicians and voters care about.

I'm not an IT security expert, but I do think we are now observing an increased industrialization of ransomware. Some crews specialize in initial attack vectors, and sell them to others who specialize in the lateral movement, and then those resell fully compromised systems to specialists that do the actual ransomware and payment.

If this trend continues, countries will be forced to take this far more seriously than they do now.

  • Well sure, but all the potential choices have serious problems. American corporations have participated in weakening the government to the point where it's not capable, nor trusted, to do it. The EU may not have the cohesion, and they may not be able to get buy-in, since (I suspect) this will have to be a thing the Germans push hard for. The UK leaving the Union only throws another wrench in Europe being a solution to the problem. China and Russia's interests are aligned with preventing such a thing from happening globally.

Millions for defense, not one cent for tribute. Funny how that makes sense again.

It even occurs to me that like Tripoli of old, a lot of these "bulletproof" locations have a significant chunk of their economies based around this piracy. Romania's got some towns notorious for this, and India has places where scammy call centers are a way of life for thousands of people.