Lawmakers on Capitol Hill are scrambling to introduce legislation to address a devastating spike in ransomware and other cyberattacks on critical organizations such as Colonial Pipeline and JBS USA.
The effort marks a rare area of bipartisanship in an increasingly divided Congress, with lawmakers under pressure to confront cyber threats emanating from both foreign nations and cybercriminal groups making millions from holding companies for ransom.
“We think it’s essential for us to get our hands around this issue of ransomware, Colonial Pipeline is the biggest example, and then JBS, the meatpacking company, but it happens every day, and it happens to smaller companies too and individuals,” Senate Homeland Security and Governmental Affairs Committee ranking member Rob PortmanRobert (Rob) Jones PortmanThe Hill’s Morning Report – After high-stakes Biden-Putin summit, what now? G-7 summit exposes incoherence of US foreign policy Senate panel unanimously advances key Biden cyber nominees MORE (R-Ohio) told The Hill Thursday.
ADVERTISEMENT
“We need a better federal defense and offense on it, and we need to be sure it’s a partnership with the private sector,” he added.
Portman is currently working with Senate Homeland Security Committee Chairman Gary PetersGary PetersAbsences force Senate to punt vote on Biden nominee Senate Democrats investing M in Defend the Vote initiative Senior Biden cyber nominees sail through Senate hearing MORE (D-Mich.) on legislation to address the increase in ransomware and other crippling cyberattacks on critical organizations.
Peters told reporters last week that the legislation would be “comprehensive” and was necessary as cyberattacks have increasingly become “attacks on our very way of life.”
“I think every member on this committee agrees that this committee will focus our collective attention and resources on dealing with this problem,” Peters testified at committee hearing last week.
The bipartisan bill is part of a larger effort by Congress to address the rapidly expanding cyber threats, which have been in the spotlight in recent months due to both foreign and cybercriminal attacks.
Ransomware attacks disrupted operations in May at both Colonial Pipeline, the provider of 45 percent of the East Coast’s fuel, and JBS USA, the largest beef supplier in the nation, endangering critical supply chains.
ADVERTISEMENT
These attacks came as the federal government continued to recover from the SolarWinds hack, in which Russian-government-backed hackers compromised nine federal agencies, and vulnerabilities on Microsoft’s Exchange Server application that potentially compromised thousands of groups.
In the wake of these attacks, Senate Majority Leader Charles SchumerChuck SchumerFive takeaways on the Supreme Court’s Obamacare decision Senate confirms Chris Inglis as first White House cyber czar Schumer vows to only pass infrastructure package that is ‘a strong, bold climate bill’ MORE (D-N.Y.) last week called on Peters and other Senate committee leaders to conduct a “government-wide review” of the incidents and make rolling out legislation to strengthen U.S. cybersecurity a priority.
“We in Congress have a responsibility to conduct oversight and determine whether our government needs an additional authority and resource to take the fight to cyber criminals and foreign intelligence services,” Schumer said on the Senate floor.
Peters is not the only committee leader working to put together cyber legislation.
Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerSanders: Democrats considering trillion spending package Cyber concerns dominate Biden-Putin summit Senate on collision course over Trump DOJ subpoenas MORE (D-Va.), Vice Chairman Marco RubioMarco Antonio RubioHillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft’s surveillance technology | Senators unveil bill to crack down on cyber criminals FCC votes to advance proposed ban on Chinese telecom equipment The Hill’s Morning Report – After high-stakes Biden-Putin summit, what now? MORE (R-Fla.), and committee member Sen. Susan CollinsSusan Margaret CollinsSenate confirms Radhika Fox to lead EPA’s water office Pelosi says she’s giving Senate more time on Jan. 6 commission Overnight Energy: Schumer to trigger reconciliation process Wednesday | Bipartisan bill would ban ‘forever chemicals’ in cosmetics | Biden admin eyes step toward Trump-era proposal for uranium reserve MORE (R-Maine) are circulating draft legislation meant to tackle the threat of ransomware attacks, first reported by CNN on Wednesday.
The draft bill, which was obtained by The Hill, would require federal agencies, federal contractors and owners and operators of critical infrastructure to report cybersecurity incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA).
It would give CISA 180 days after the bill became law to establish a reporting system to compile these reports and require the agency to submit annual potentially classified reports to Congress on all incidents.
The bill would critically also grant liability protections to groups that report breaches, with current voluntary standards for reporting often complicating the reporting process in recent years.
“I haven’t compared theirs and ours, it’s just based on our work in Intel and what we’ve learned, and as far as the rollout, we’d love to have it next week, but if not it will probably be after we come back in July,” Rubio told The Hill on Thursday.
In a separate effort, Sens. Lindsey GrahamLindsey Olin GrahamOVERNIGHT ENERGY: EPA announces new clean air advisors after firing Trump appointees | Senate confirms Biden pick for No. 2 role at Interior | Watchdog: Bureau of Land Management saw messaging failures, understaffing during pandemic Graham, Whitehouse: Global transition to renewables would help national security Hillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft’s surveillance technology | Senators unveil bill to crack down on cyber criminals MORE (R-S.C.), Sheldon WhitehouseSheldon WhitehouseGraham, Whitehouse: Global transition to renewables would help national security Overnight Health Care: Takeaways on the Supreme Court’s Obamacare decision | COVID-19 cost 5.5 million years of American life | Biden administration investing billions in antiviral pills for COVID-19 Hillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft’s surveillance technology | Senators unveil bill to crack down on cyber criminals MORE (D-R.I.), Richard Blumenthal (D-Conn.), and Thom TillisThomas (Thom) Roland TillisThe Hill’s Morning Report – After high-stakes Biden-Putin summit, what now? On The Money: Yellen, Powell brush off inflation fears | Fed keeps rates steady, upgrades growth projections Bipartisan infrastructure group grows to 21 senators MORE (R-N.C.) on Thursday reintroduced legislation originally rolled out in 2018 that would crack down on cyber criminals.
Their bill, the International Cybercrime Prevention Act, would tighten consequences for hacking a critical infrastructure organization, such as a dam or a hospital, along with expanding the Justice Department’s ability to go after botnet groups.
“What we’re seeing here is not just a weed, it’s an invasive species, it’s comparable to an invasive species that needs to be stopped in your garden before it takes over everything in that garden,” Blumenthal told reporters of cyber threats at a Capitol Hill press conference Thursday. “Here the garden will succumb to that invasive species if we don’t stop it.”
Graham said at the same press conference that he would “insist” on adding it to any infrastructure package the Senate potentially agrees on as a way to move it through Congress quickly.
“Now we’ve got a moment in time when we can’t ignore it anymore, I now deem this infrastructure,” Graham said.
One key issue being looked at by both Capitol Hill and the Biden administration is creating mandatory cyber legislation or regulations to force critical infrastructure groups to enhance security.
The Transportation Security Administration last month issued a new security directive requiring pipeline companies to report cybersecurity incidents to CISA within 12 hours of them occurring, and are working on further regulations.
Sen. Ron WydenRonald (Ron) Lee WydenFive takeaways on the Supreme Court’s Obamacare decision Schumer vows to only pass infrastructure package that is ‘a strong, bold climate bill’ Supreme Court upholds ObamaCare in 7-2 ruling MORE (D-Ore.), a member of the Senate Intelligence Committee, on Thursday criticized what he described as past “happy talk bills” that created only voluntary cybersecurity standards and left the door open to more attacks.
“I am pleased that it looks like we are going to insist on more accountability, so to speak, with contractors,” Wyden told The Hill.
While there are multiple bills with several sponsors in the mix, there is no disagreement that following a year in which hackers targeted everything from hospitals to schools to government agencies, action must be taken to stem the tide of attacks.
“You look back at some of the previous bills and it was not what I think the country needed and I think now every senator is saying to themselves, ‘this is pretty obvious,’ ” Wyden said.
Click Here: New Zealand Kiwis rugby store