facebook linkedin twitter

Senators Try to Get Tough On Rise in Cybercrime

June 17, 2021 by Tom Ramstack

WASHINGTON — A group of U.S. senators responded Thursday to recent ransomware attacks by introducing legislation to impose new tactics and harsh penalties on cyberattackers.

They pinned much of the blame on Russia, despite denials a day earlier by Russian President Vladimir Putin.

“The Russians do know about it,” said Sen. Richard Blumenthal, D-Conn., during a Capitol Hill press conference.

He said the legislation, called the International Cybercrime Prevention Act, would demonstrate to Putin that the consequences for cyberattacks “go both ways.”

The senators discussed the Colonial Pipeline and JBS S.A. ransomware attacks as prime examples of why new legislation is needed.

On May 7, Colonial Pipeline Co. ‘s system that carries gasoline and jet fuel from Houston to Southeastern states was shut down by a ransomware attack traced to a criminal gang in Russia. The company paid a $4.4 million ransom, much of which was recovered by the FBI. The pipeline resumed operations on May 12.

In the JBS case, a ransomware attack shut down the meat processing company’s operations in the United States and Australia from May 30 to June 2. JBS paid the Russian hackers an $11 million ransom in Bitcoin.

The senators also mentioned the 2020 SolarWinds attack as a motivation for striking back with new authorizations for the Justice Department. 

SolarWinds was a major cyberattack traced to a group backed by the Russian government. It penetrated computers from thousands of organizations worldwide, including U.S. government agencies.

In essence, the International Cybercrime Prevention Act would extend law enforcement tactics typically used against organized crime to cyberattackers, even if they are foreign-based. It is designed primarily to protect critical infrastructure, such as dams, power plants, hospitals and election systems.

Until now, prosecutors were largely limited to obtaining injunctions against persons believed to be involved in cybercrime. The new Senate bill would authorize broader surveillance of potential hackers.

It would allow the Justice Department to seize the kind of spyware and equipment used by cybercriminals to identify and attack victims.

It also would impose tough penalties against persons who help them, even if they are not themselves the hackers.

Although the bill does not specifically mention counterattacks by the U.S. government, senators who spoke at the press conference left a clear impression they were coming.

“This law goes after the criminal syndicates but we also have to go after the host country,” said Sen. Lindsey Graham, R-S.C.

He said that if private companies that operate infrastructure are unable to protect their networks, the federal government would help them.

“Clearly the private sector has not done its job,” Graham said.

He acknowledged that until now, the U.S. government might also have overlooked its responsibilities.

“In 2021, the Department of Defense does not have a definition for a cyberattack against the United States,” Graham said.

Although the senators gave no details of potential U.S. counterattacks, President Joe Biden told the media he is weighing options.

In addition, Defense Secretary Lloyd Austin said in a CNN interview last month that the United States has the “capability to conduct offensive operations” but he did not explain the strategy.

Putin said during a summit meeting with Biden Wednesday that he does not want a return to the Cold War. However, he added during a press conference, “Most of the cyberattacks in the world are carried out from the cyber realm of the United States.”

Cybersecurity

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

October 5, 2021
by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based... Read More

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday. As much as the pandemic has accelerated the rate in which governments... Read More

September 29, 2021
by Victoria Turner
Aspen Cyber Summit Explores Collective Defense in a Digital World

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,”... Read More

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,” but there is “still a lot of work to do,” said CISA Director Jen Easterly Wednesday.  Kicking off the 6th annual Aspen Cyber Summit, Exploring Collective... Read More

September 22, 2021
by Victoria Turner
Identity Authentication Key Piece of Cybersecurity Puzzle

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S.... Read More

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.  It “sits at the heart of zero... Read More

September 1, 2021
by Tom Ramstack
Executives Advocate for Legislation to Unite Government and Private Cybersecurity

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront... Read More

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront the kinds of cyberattacks that have wreaked havoc on U.S. computer networks in recent years. He testified to a House Homeland Security subcommittee as it considers... Read More

News From The Well
scroll top