This interview with CISAC Affiliate Christopher Painter was originally produced by Jen Kirby. The complete article is available at Vox.

The frequency, scope and scale of ransomware attacks against public and private systems is accelerating. In the latest incident, the ransomware group REvil has demanded $70 million to unlock the systems of the software company Kaseya, an attack that affects not only Kaseya, but simultaneously exploits all of the company’s clients.

The REvil, JBS meatpacking and Colonial Pipeline attacks have abruptly raised the profile of ransomware from a malicious strand of criminality to a national security priority. These are issues that Christopher Painter, an affiliate at the Center for International Security and Cooperation (CISAC), has worked on at length during his tenures as a senior official at the Department of Justice, the FBI, the National Security Council and as the world's first top cyber diplomat at the State Department.

Jen Kirby, a reporter for Vox, interviewed Painter to discuss how cybercrimes are evolving and what governments should do to keep ransomware attacks from escalating geopolitical tensions online and off.

Jen Kirby:
I think a good place to start would be: What are “ransomware attacks”?

Christopher Painter:
It is largely criminal groups who are getting into computers through any number of potential vulnerabilities, and then they essentially lock the systems — they encrypt the data in a way that makes it impossible for you to see your files. And they demand ransom, they demand payment. In exchange for that payment, they will give you — or they claim, they don’t always do it — they claim they’ll give you the decryption keys, or the codes, that allow you to unlock your own files and have access to them again.

That is what traditionally we say is “ransomware.” That’s been going on for some time, but it’s gotten much more acute recently.

There is another half of that, which is that groups don’t just hold your files for ransom, they either leak or threaten to leak or expose your files and your information — your secrets and your emails, whatever you have — publicly, either in an attempt to embarrass you or to extort more money out of you, because you don’t want those things to happen. So it’s split now into two tracks, but they’re a combined method of getting money.

Jen Kirby:
We’ve recently had some high-profile ransomware attacks, including this recent REvil incident. Is it that we’re seeing a lot more of them, or they’re just bigger and bolder? How do you assess that ransomware attacks are becoming more acute?

Christopher Painter:
We’ve seen this going on for some time. I was one of the co-chairs of this Ransomware Task Force that issued a report recently. One of the reasons we did this report was we’re trying to call greater attention to this issue. Although governments and law enforcement were taking it seriously, it wasn’t being given the kind of national-level priority it deserved.

It was being treated as more of an ordinary cybercrime issue. Most governments’ attention is focused on big nation-state activity — like the SolarWinds hack [where suspected Russian government hackers breached US government departments], which are important, and we need to care about those. But we’re very worried about this, too.

It’s especially become more of an issue during the pandemic, when some of the ransomware actors were going after health care systems and health care providers.That combined with these big infrastructure attacks — the Colonial Pipeline clearly was one of them. Another one was the meat processing plants. Another one was hospital systems in Ireland. You also had the DC Police Department being victimized by ransomware. These things are very high-profile. When you’re lining up for gas because of a ransomware attack, and you can’t get your food because of a ransomware attack, that brings it home as a priority. And then, of course, you have what happened this past weekend. So ransomware has not abated, and it continues to get more serious and hit more organizations.

This blog post was first published by the Australian Strategic Policy Institute's The Strategist analysis and commentary site.

The Quad is stronger than ever. The informal ‘minilateral’ grouping of Australia, India, Japan and the United States has in the past year held its first stand-alone ministerial meeting and its first leaders’ summit, and launched an ambitious project to deliver Covid-19 vaccines. This ‘golden age’ of the Quad is a product of newfound Indian enthusiasm for the grouping, in turn, spurred by the military crisis in Ladakh, where India faces ongoing Chinese troop incursions across the two countries’ disputed border.

But the Quad is not bulletproof. Some experts have suggested that the economic and diplomatic effects of the devastating second wave of the pandemic in India will preoccupy the Indian government, sapping the Quad of capacity for any new initiatives. Others counter that India remains committed to competition with China—which is what really matters for the Quad—although its partners always expected ‘two steps forward, one step back’ from India.

Sign up for APARC newsletters to receive our experts' commentary and analysis.

Related: On the Conversation Six podcast, Tarapore discusses the policy paper on which this blog post is based with Jawaharlal Nehru University Professor of International Politics Rajesh Rajagopalan. Listen:

The pandemic may well prove to be a hiccup in the Quad’s evolution, but a potentially much larger disruption may come from the ongoing Ladakh crisis itself. As I argue in a new ASPI Strategic Insights paper, the crisis has greatly increased the risk of a border war between India and China, which would present a defining test of the Quad. A possible war could either strengthen or enervate the Quad—depending on how India and its partners, including Australia, act now to shape the strategic environment.

Risk is a function of likelihood and consequence. The likelihood of war on the India–China border is still low—both countries would prefer to avoid it—but has risen since the crisis began. Both countries have greatly expanded their military deployments on the border and backed them with new permanent infrastructure to resupply and reinforce them. China has proved its revisionist intent with large and costly military incursions, although its specific objectives and plans remain unknown. And the interaction of both countries’ military strategies and doctrines would, on the threshold of conflict, promote escalation.

The consequences of a possible conflict would be dire for both belligerents and for the region. China — assuming it is the provocateur of conflict—would likely face some political rebuke from states that consider themselves its competitors, but it will work strenuously to reduce those costs, and would likely have priced them in to its calculations of whether to fight. India will suffer high tactical costs on the border, and may also suffer wider harm if China uses coercive cyberattacks against strategic or dual-use targets.

In a costly war, the repercussions may spill over to damage India’s recently developing strategic partnerships, especially with the United States and Australia. Despite generally favorable views of the US, the Indian strategic elite still harbors some latent suspicions. This was highlighted in two episodes in April 2021, when the US Navy conducted a freedom of navigation patrol through the Indian exclusive economic zone, and when the US was slow in delivering Covid-19 vaccine raw materials and other relief. Both instances quickly receded from the Indian public imagination—thanks to quick correctives from Washington—but they did reveal that, under some conditions, Indian perceptions of its new partnerships can be quickly colored by distrust.

A China–India border war may create exactly those conditions. There is a chance that conflict may result in a redoubled Indian commitment to the Quad, if New Delhi judges that it has no option but to seek more external assistance. Conversely, unless a conflict is managed well by India and its partners, it is more likely to result in Indian disaffection with the Quad. India deepened Quad cooperation during the Ladakh crisis partly as a deterrent signal to China, and partly because the Quad is still full of promise. However, after a conflict—when China hasn’t been deterred and has probably imposed significant costs on India—the Quad’s utility would have been tested, and probably not ameliorated India’s wartime disadvantage.

The task before Quad governments is to be sensitized to this risk and implement mitigation strategies before a possible conflict, to buttress the coalition in advance. As I outline in the ASPI paper, they could do this at three levels. First, they could offer operational support—such as intelligence or resupply of key equipment, as the US already has done in the Ladakh crisis—although Quad partners’ role here would be limited. Second, they could provide support in other theatres or domains—with a naval show of force, for example, although cyber operations would probably be more meaningful in deterring conflict or dampening its costs. Third, they could provide political and diplomatic support — signaling to Beijing that a conflict would harm its regional political standing.

For Quad members, the main goal would be to deter conflict in the first place, and, failing that, to preserve the long-term strategic partnership with India for the sake of maintaining as powerful and energetic a coalition as possible to counterbalance China in the long term.