On the other hand, why shouldn't NSA and CIA be invested 100% in pushing back on these attacks already? The potential harm from this vector is obviously gigantic, so why wait for a really significant attack to happen?
Ransomware make private sector aware of security issues and resilient against attacks. It’s like developing antibodies to viruses.
NSA rather not to interfere, unless infrastructure is involved.
Interference from public sector may actually not be successful in the long run, as companies simply adjust to that, and keep ignoring security at a new equilibrium level.
Not suggesting you're doing this, but their existence should still not be framed as positive. They are malicious and sophisticated, and should be pursued accordingly. If they're willing to extort others by holding their data ransom, there's no telling what else they may be willing to do.
But yes, ransomware does lead to a hardening of network infrastructure, and reduces the likelihood of successful espionage operations, by alerting parties - via the ransomware attack - to security vulnerabilities.
> On the other hand, why shouldn't NSA and CIA be invested 100% in pushing back on these attacks already?
For the same reason that neither them, nor the Army doesn't serve drug warrants, or investigate tax evasion. Because policing is not their mandate. That's the job of either your local police department, or the FBI, or any one of a number of the other federal police forces.
If ransomware gangs are seen as a potential threat to national security, wouldn't preemptive action against these groups fall under the claimed remit of the NSA or CIA?
Tax evasion is a potential threat to national security, drugs are a potential threat to national security, protests are a potential threat to national security, q-anonsense is a potential threat to national security, especially when it culminates in an invasion of the Capitol.
You don't just get to sprinkle 'potential threat to national security' to turn criminal activity into a problem for the extra-judicial arms of your government. How about we let the police do their core competency - policing, and the military and the spooks to stick to their core competency - extra-judicial violence, and kidnapping random people to hold/torture without trial in Gitmo.
I'm not doing any such thing, hence the phrasing of my comment.
Your comment seems to imply you think the most/all of the remit of the CIA is or should be invalid. That position doesn't contradict my comment in any way.
That is a rather different claim than saying that premptively pursuing ransomware gangs in other countries is outside what the relevant decision makers view as the remit of the CIA. To me it seems to clearly fall in-line with their historic actions (as long as the cyber ransomers are outside of the country.)
