Government Takes Helm on Cybersecurity As Ransomware and Spying Threats Grow

July 20, 2021 by Tom Ramstack
Government Takes Helm on Cybersecurity As Ransomware and Spying Threats Grow

WASHINGTON — As the international blame game over ransomware heats up this week, the U.S. government is scrambling for solutions with increasingly combative strategies.

Legislation that won tentative approval in Congress on Monday anticipates a bigger role for the U.S. government in overseeing cybersecurity of critical industries.

Other pending bills would regulate cryptocurrency sought by cyberthieves and more aggressively track down sources of the attacks.

“One thing is certain,” said Rep. Diana DeGette, D-Colo. “The problem is not going away.”

DeGette is chairwoman of the House Energy and Commerce subcommittee on oversight and investigations, which held a hearing Tuesday on how Congress should respond to ransomware threats.

“We need not only a whole of government approach but a whole of society approach,” DeGette said.

The subcommittee listened to industry representatives who described damage from ransomware and suggested methods for addressing the attacks. Ransomware refers to Internet-based attacks on computer systems in which the attackers threaten to publish the victims’ personal data or perpetually block access to it unless a ransom is paid.

Kemba Walden, assistant general counsel for Microsoft Corporation, said about 2,400 U.S. organizations endured ransomware attacks last year along with a half-billion dollars in damage.

As the pace of ransomware picks up, she said last year’s attacks were “the tip of the iceberg” of what’s coming.

“Ransomware is a profitable business with almost no barriers to entry,” Walden said.

Private businesses could stop most of the attacks by using two-factor authentication to gain access to their computers, she said. A larger effort against the attackers must come from the government.

Christian Dameff, medical director of cybersecurity for the University of California at San Diego Health, said cyberattacks against hospitals have sometimes forced delays in surgeries and infringement of medical records.

“Cyberattacks on a hospital have the potential to threaten life and limb,” Dameff said.

He mentioned the example of an April 29 cyberattack on five San Diego hospitals that gave the attackers access to private medical records and shut the staff out of access to their own computers. Some patients were unable to renew their prescriptions or communicate with their doctors about treatment through the hospitals’ Internet portal until the problem was resolved.

In addition, cyberattacks in the past two years have hit hospitals in Hackensack, New Jersey; St. Louis, Missouri.; and Tuscaloosa, Alabama.

Other recent attacks forced executives at energy company Colonial Pipeline and meat processing company JBS S.A. to pay millions of dollars in cryptocurrency ransom to restore their ability to operate and to serve their U.S. customers. 

Internationally, oil fields in Saudi Arabia and oil operations of Mexican company Pemex were shut down temporarily by cyberattacks.

Most of the attacks were blamed on Russian criminal gangs operating with the knowledge of their government.

On Monday, the United States and several other countries pinned additional blame on the Chinese military. They said the Chinese orchestrated a cyberattack in January on Microsoft email systems used by tens of thousands of organizations worldwide.

They also said the Chinese know about criminal ransomware hackers in their country but do nothing to stop them. The victims included Europe’s top banking regulator.

China’s “pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” a White House statement said.

At the congressional hearing Tuesday, Rep. Morgan Griffith, R-Va., said, “The federal government has strong resources to respond to attacks.”

He added, “We need to make better use of our resources.”

With similar ideas in mind, the House of Representatives on Monday approved two bills aimed at preventing cyberattacks on critical energy infrastructure. They would expand the U.S. Department of Energy’s role in cybersecurity and boost information-sharing between government and industry on the threats.

The two bills — H.R. 3119, the Energy Emergency Leadership Act, and H.R. 2931, Enhancing Grid Security through Public-Private Partnerships Act — now move to a possible vote in the Senate.

A+
a-
TWN
  • Congress
  • cybercrime
  • cybersecurity
  • federal government
    • linkedin linkedin

    In The News

    Health

    Voting

    Cybercrime

    October 7, 2023
    by Dan McCue
    Hackers Access DC Voter Records

    WASHINGTON — Hackers breached the District of Columbia's Board of Elections website on Thursday, gaining access to 600,000 "lines" of... Read More

    WASHINGTON — Hackers breached the District of Columbia's Board of Elections website on Thursday, gaining access to 600,000 "lines" of U.S. voter data, including D.C. voters reports, city officials said. Sarah Winn Graham, the spokeswoman for the board, said a hacking group known as RansomVC claimed... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    May 17, 2023
    by Tom Ramstack
    US Prosecutors Indict Russian for Ransomware Attacks

    WASHINGTON — The Justice Department indicted a Russian citizen Tuesday prosecutors accused of ransomware campaigns that netted him and his... Read More

    WASHINGTON — The Justice Department indicted a Russian citizen Tuesday prosecutors accused of ransomware campaigns that netted him and his conspirators about $200 million in stolen payments. The victims were mostly in the United States. They included nonprofits, hospitals and police departments, such as the Washington,... Read More

    March 16, 2023
    by Tom Ramstack
    SEC Seeks Court Order in Investigation of Chinese Cyberattack

    WASHINGTON — A Securities and Exchange Commission investigation of a Chinese cyberattack is being opposed by some of Washington, D.C.’s... Read More

    WASHINGTON — A Securities and Exchange Commission investigation of a Chinese cyberattack is being opposed by some of Washington, D.C.’s biggest law firms. The SEC says it is trying to investigate the extent of 2020 cyberattacks in the United States, such as the one that penetrated... Read More

    January 20, 2023
    by T-Mobile Says Data on 37M Customers Stolen
    T-Mobile Says Data on 37M Customers Stolen

    BOSTON (AP) — The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late... Read More

    BOSTON (AP) — The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth. T-Mobile said in a filing with the U.S. Securities and... Read More

    December 5, 2022
    by TWN
    Philip Morris International Taking Proactive Role to Help Consumers Know, Fight Illegal Trade

    WASHINGTON — Illegal trade isn’t good. It’s not good for companies who depend on the revenue from their products to... Read More

    WASHINGTON — Illegal trade isn’t good. It’s not good for companies who depend on the revenue from their products to expand and add jobs, and it’s certainly not good for the consumers who unknowingly shell out considerable sums of money for knockoffs that ultimately fall far... Read More

    News From The Well
    scroll top