Biden to Putin: Critical infrastructure should be "off-limits"

Putin denies protecting ransomware operatives in his country

US President Joe Biden has told Russia's Vladimir Putin that critical infrastructure should be off-limits to cyber attacks, and that he expects Russia to act against ransomware groups operating within its territory.

Addressing reporters at a news conference in Geneva following the US-Russia summit, Biden said his talks with the Russian president were 'good' and 'positive'.

"I talked about the proposition that certain critical infrastructure should be off limits to attack, period," Biden told reporters. The President added that he gave Putin a list of 16 entities - an apparent reference to 16 sectors, including energy, water systems, telecommunications, healthcare and food, that are defined as critical infrastructure under the US policy.

"We agreed to task experts in both our countries to work on specific understandings about what is off-limits," Biden said.

"We'll find out whether we have a cybersecurity arrangement that begins to bring some order."

Biden also told Putin that he expects Russia to act against any ransomware groups operating within its borders, just as the US would do against cyber criminals operating within its own territory. Cyber experts believe that such groups have long acted within Russia with an implicit sanction from the state.

Biden warned his Russian counterpart that the US has "significant cyber capability," which could be used in offensive cyber operations in the future unless Russia clamps down on hackers targeting US entities.

Biden told reporters, "He knows it. He doesn't know exactly what [our capability] is, but he knows it's significant. If in fact they violate these basic norms, we will respond."

In a separate press conference, Putin denied that Russia was protecting ransomware operatives.

He refused to answer questions about recent attacks on US entities, but said his talks with President Biden were "quite constructive" and that both of them "spoke the same language."

Putin said Russia is ready to start talks with the USA on cybersecurity, but suggested that most cyber attacks worldwide originate from the US.

A history of offence

Biden's remarks regarding offensive cyber operations are the strongest since the recent series of cyber attacks hitting US entities.

Last month attackers compromised the network of fuel supplier Colonial Pipeline, which disrupted gasoline supply in the southeastern US.

In December, at least nine federal agencies and dozens of private firms in the US were compromised as part of the massive SolarWinds campaign, which federal officials attributed to Russia's SVR, a successor to the Soviet KGB.

As a follow-up, in April, the US Treasury Department announced sanctions against six Russian technology firms, which it said were developing tools to carry out malicious cyber activities on behalf of Kremlin intelligence services.

Earlier this week, NATO issued a joint communiqué in Brussels, warning that cyber attacks against its member states could be considered as serious as an armed attack. In recent months, many member countries of the group have expressed concerns regarding the increasingly aggressive behaviour in cyberspace by Russia and China.

Russia earned 63 mentions in the NATO communiqué, while China was mentioned 10 times.

The group also urged China to uphold its global commitments and to act responsibly in the international system.