The Trump administration hastily called emergency meetings Friday and Saturday to contain fallout from the ongoing global ransomware campaign that has now hit victims in at least 150 countries, including the U.S.
On Friday, when the attacks started spreading throughout Europe and Asia, White House Homeland Security Adviser Tom Bossert chaired a meeting of the federal government’s so-called Cyber Response Group, which helps agencies coordinate their reactions to digital assaults, a source familiar with the matter told POLITICO.
The group met to assess the rapidly-expanding ransomware attack, which locks up a computer network’s files until a ransom is paid. The attacks forced several hospitals in England to stop admitting new patients with serious medical conditions and drove other companies to shut down their networks, leaving valuable data unavailable.
In total, European authorities said the ransomware assault has crippled more than 200,000 victims in those 150 countries. The malware that helps spread the attack is repurposed from apparent National Security Agency hacking tools that were leaked online earlier this year.
Friday’s emergency White House meeting included the National Security Council’s entire cyber directorate, led by cybersecurity coordinator Rob Joyce.
After the meeting, the NSC checked in every four hours with the government’s seven cyber watch centers to assess the situation, the source said. Those seven centers include places like the DHS’s cyber threat info-sharing hub, the National Cybersecurity and Communications Integration Center, or NCCIC, as well as similar cyber-focused units within the Pentagon, U.S. Cyber Command and various intelligence community agencies, such as the FBI and NSA.
The Cyber Response Group was only formalized last year in a presidential policy directive from then-President Barack Obama. In addition to getting all agencies on the same page during a cyberattack, the group helps coordinate broader digital defense policies.
Saturday morning at 9 a.m., after it had become clear the world was dealing with a unique digital ambush of unprecedented scale, Bossert also chaired a meeting of the NSC principals committee, which is composed of the senior-most administration officials, including Cabinet secretaries.
A senior administration official confirmed the meetings, which were first reported by Reuters.
Several Cabinet secretaries, deputy secretaries and "appropriate staff" attended the Saturday meeting, the official told POLITICO.
The ransomware campaign — which has gone through at least two phases as researchers worked to halt its advance — mostly affected Europe and Asia. But at least two public universities in the United States have reported infections, according to a spokeswoman for a cyber information sharing organization dedicated to state and local governments.
A DHS official told POLITICO late Friday that the malware had not yet infected U.S. government agencies and critical infrastructure organizations, such as hospitals and power plants.