Senators introduce bipartisan bill to fight cybercrime
In the wake of numerous high-profile cybersecurity incidents – including an attack on the Colonial Pipeline that led to a days-long shutdown – a bipartisan group of senators has introduced a bill aimed at shoring up the country’s defenses.
The International Cybercrime Prevention Act of 2021 would create new criminal violations for those targeting critical infrastructure, including hospitals.
“Over the last few months, we have seen the severity cybercrime attacks can have on our nation’s infrastructure, it is time for Congress to ensure our cyber defense can withstthese attacks in the future,” said Senator Thom Tillis, R-S.C., who cosponsored the bill, in a statement.
WHY IT MATTERS
The bill, which was also introduced by Senators Richard Blumenthal, D-Ct., Lindsey Graham, R-S.C. Sheldon Whitehouse, D-R.I., aims to enhance the Department of Justice’s authority around cybercrime.
In addition, it intends to make it easier to counter disrupt networks of infected computers, also known as botnets.
If passed, the bill would:
- Allow authorities to confiscate communication devices other tools used to commit cybercrime.
- Enhance prosecutors’ ability to shut down botnets other digital infrastructure used for a wide range of illegal activity.
- Create a new criminal violation for individuals who have knowingly targeted critical infrastructure such as dams, power plants, hospitals, election infrastructure.
- Prohibit cybercriminals from selling access to botnets to carry out cyberattacks.
“The more we shift control of everyday life to cyberspace, the more opportunities we open to international cybercriminals,” said Whitehouse.
“From ransomware attacks on American companies critical infrastructure to the pillaging of citizens’ private data for profit, it’s clear we need to arm authorities to protect Americans against cybercrime,” he continued.
Cybersecurity experts praised the legislation, calling it a “positive step forward.”
“Although ransomware is much in the news currently, there is a constant backdrop of data exfiltration plain old fraud via the exponentially expanding threat landscape,” said David Stewart, CEO of the cybersecurity vendor Approov.
“Therefore being able to aggressively pursue the perpetrators of CI ransomware other criminal acts is very welcome,” he said.
“I am happy to see that the government is considering stricter penalties for those threat actors, many of [whom] are foreign based,” said Chenxi Wang, general partner at Rain Capital.
However she noted that policymakers could take additional action.
“Because of the widespread impact of these attacks, I also think it is important to go a step further to establish international coalitions or treaties against ransomware critical infrastructure attacks, perhaps in the same vein as the nonproliferation of nuclear weapons treaty,” she added.
THE LARGER TREND
Cracking down on cybercrime is standing out as a bipartisan concern in Washington.
President Joe Biden’s administration hinted earlier this month that it could consider military action in response to ransomware attacks enabled by foreign nation-states.
“We are considering all of our options,” said U.S. Secretary of Commerce Gina Raimondo in an interview with ABC’s George Stephanopoulos.
“We are not taking anything off the table as we think about possible repercussions, consequences or retaliation,” she added.
That interview followed the release of Biden’s proposed budget, which would put billions of dollars toward cybersecurity.
ON THE RECORD
“From critical water supplies natural gas lines to government agencies our elections, recent attacks have revealed glaring vulnerabilities in our nation’s cybersecurity infrastructure,” said Blumenthal.
“Further delay isn’t an option. We need the International Cybercrime Prevention Act to bolster our defense against hackers foreign adversaries who will stop at nothing to disrupt meddle,” he continued.