Photo: Thom Tillis, Gage Skidmore/Flickr, licensed under CC BY-SA 2.0
In the wake of numerous high-profile cybersecurity incidents – including an attack on the Colonial Pipeline that led to a days-long shutdown – a bipartisan group of senators has introduced a bill aimed at shoring up the country’s defenses.
The International Cybercrime Prevention Act of 2021 would create new criminal violations for those targeting critical infrastructure, including hospitals.
“Over the last few months, we have seen the severity cybercrime attacks can have on our nation’s infrastructure, and it is time for Congress to ensure our cyber defense can withstand these attacks in the future,” said Senator Thom Tillis, R-S.C., who cosponsored the bill, in a statement.
WHY IT MATTERS
The bill, which was also introduced by Senators Richard Blumenthal, D-Ct., Lindsey Graham, R-S.C. and Sheldon Whitehouse, D-R.I., aims to enhance the Department of Justice’s authority around cybercrime.
In addition, it intends to make it easier to counter and disrupt networks of infected computers, also known as botnets.
If passed, the bill would:
- Allow authorities to confiscate communication devices and other tools used to commit cybercrime.
- Enhance prosecutors’ ability to shut down botnets and other digital infrastructure used for a wide range of illegal activity.
- Create a new criminal violation for individuals who have knowingly targeted critical infrastructure such as dams, power plants, hospitals, and election infrastructure.
- Prohibit cybercriminals from selling access to botnets to carry out cyberattacks.
“The more we shift control of everyday life to cyberspace, the more opportunities we open to international cybercriminals,” said Whitehouse.
“From ransomware attacks on American companies and critical infrastructure to the pillaging of citizens’ private data for profit, it’s clear we need to arm authorities to protect Americans against cybercrime,” he continued.
Cybersecurity experts praised the legislation, calling it a “positive step forward.”
“Although ransomware is much in the news currently, there is a constant backdrop of data exfiltration and plain old fraud via the exponentially expanding threat landscape,” said David Stewart, CEO of the cybersecurity vendor Approov.
“Therefore being able to aggressively pursue the perpetrators of CI ransomware and other criminal acts is very welcome,” he said.
“I am happy to see that the government is considering stricter penalties for those threat actors, many of [whom] are foreign based,” said Chenxi Wang, general partner at Rain Capital.
However she noted that policymakers could take additional action.
“Because of the widespread impact of these attacks, I also think it is important to go a step further to establish international coalitions or treaties against ransomware and critical infrastructure attacks, perhaps in the same vein as the nonproliferation of nuclear weapons treaty,” she added.
THE LARGER TREND
Cracking down on cybercrime is standing out as a bipartisan concern in Washington.
President Joe Biden’s administration hinted earlier this month that it could consider military action in response to ransomware attacks enabled by foreign nation-states.
“We are considering all of our options,” said U.S. Secretary of Commerce Gina Raimondo in an interview with ABC’s George Stephanopoulos.
“We are not taking anything off the table as we think about possible repercussions, consequences or retaliation,” she added.
That interview followed the release of Biden’s proposed budget, which would put billions of dollars toward cybersecurity.
ON THE RECORD
“From critical water supplies and natural gas lines to government agencies and our elections, recent attacks have revealed glaring vulnerabilities in our nation’s cybersecurity infrastructure,” said Blumenthal.
“Further delay isn’t an option. We need the International Cybercrime Prevention Act to bolster our defense against hackers and foreign adversaries who will stop at nothing to disrupt and meddle,” he continued.
Kat Jercich is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.
Source: Read Full Article