Lawmakers weigh responses to rash of ransomware attacks

Lawmakers weigh responses to rash of ransomware attacks
© iStock

Lawmakers on both sides of the aisle are mulling how to address the spate of ransomware attacks that have brought some state and local governments to their knees over the past few months.

The ransomware attacks, which involve an individual or group encrypting a computer system and demanding money to allow the user to regain access, have crippled districts, libraries and municipal governments.

ADVERTISEMENT

In the past week, attacks on the school district in Flagstaff, Ariz., forced the cancellation of classes for two days. And in Florida’s Wakulla County, an attack left school employees unable to securely send emails.

There have also been ransomware attacks on school districts in Oklahoma, Virginia and New York. In Louisiana, Gov. John Bel Edwards (D) declared a state of emergency after multiple school districts were hit with by ransomware attacks in July. 

Despite the widespread attacks and pending legislation, lawmakers have yet to coalesce around a unified strategy for countering the threats.

“It’s a top priority of the committee, and we’ll continue oversight, we’ll continue looking at the issue. I can’t tell you anything specific we are going to do, though,” said Sen. Ron JohnsonRonald (Ron) Harold JohnsonSunday shows — New impeachment phase dominates Rand Paul says Trump has 'every right' to withhold Ukraine aid over corruption Johnson dismisses testimony from White House officials contradicting Trump as 'just their impression' MORE (R-Wis.), chairman of the Senate Homeland Security and Governmental Affairs Committee.

Sen. Gary PetersGary Charles PetersAdvocates step up efforts for horse racing reform bill after more deaths Warren doubles down — to Democrats' chagrin, and Trump's delight Senators urge Trump to fill vacancies at DHS MORE (Mich.), the top Democrat on the committee, told The Hill on Wednesday that ransomware poses an “epidemic problem."

“Chairman Johnson and I have been talking about cybersecurity issues pretty regularly, it’s something that may indeed come up in the future,” Peters said, referring to action on ransomware.

ADVERTISEMENT

Peters previously introduced legislation that would bolster coordination between the Department of Homeland Security and state and local governments on cybersecurity threats like ransomware.

That bill, co-sponsored by Sen. Rob PortmanRobert (Rob) Jones PortmanRepublicans warn election results are 'wake-up call' for Trump GOP lawmakers fear Trump becoming too consumed by impeachment fight Synagogues ramp up security in year since Tree of Life shooting MORE (R-Ohio), was approved by the Senate Homeland Security Committee in June but has yet to receive a floor vote.

Rep. John KatkoJohn Michael KatkoProgressive group unveils first slate of 2020 congressional endorsements Democratic lawmakers call on Judiciary Committee to advance 'revenge porn' law Katie Hill resignation reignites push for federal 'revenge porn' law MORE (R-N.Y.), the ranking member of the House Homeland Security Committee’s cybersecurity subcommittee, introduced similar legislation last month.

His measure would require the Department of Homeland Security to create a guide for assisting state and local governments in preparing for, defending against and recovering from a cyberattack. Katko cited recent ransomware attacks on the City of Syracuse School District and the Onondaga County Public Library System as examples of why Congress needs to take action.

The lack of urgency on Capitol Hill stems in part from competing legislative priorities. Democrats have made election security legislation one of their key priorities for the fall, and both parties are now turning much of their attention to passing spending bills to avoid a government shutdown on Oct. 1.

Advocates are hopeful that lawmakers, in weighing their legislative responses to ransomware, will draw upon some of the suggestions put forth by officials on the front lines.

Atlanta Mayor Keisha Lance Bottoms said during testimony before the House Homeland Security cybersecurity subcommittee over the summer that the federal government should provide “cybersecurity disaster relief funding" to help state and local governments address ransomware attacks.

“We are living in a different digital world now,” Bottoms said. “Nation-state actors and other foreign adversaries are attacking our state and local governments and we need a strong federal partner to defend against those threats.”

Rep. Cedric RichmondCedric Levon RichmondTwo former Congressional Black Caucus chairmen back Biden Election security funds caught in crosshairs of spending debate Lawmakers weigh responses to rash of ransomware attacks MORE (D-La.), chairman of the cybersecurity subcommittee, told The Hill he is exploring “some sort of follow-up” to that hearing, and noted that the panel might speak with Bottoms on next steps to address ransomware attacks.

“Maybe we’ll establish best practices or something like that, but it’s something that we’re going to have to deal with, as well as election security, as we get ready for elections,” Richmond said.

Rep. Jim LangevinJames (Jim) R. LangevinBill introduced to give special immigrant visas to Kurds who helped US in Syria Hillicon Valley: Amazon poised to escalate Pentagon 'war cloud' fight | FCC's move to target Huawei garners early praise | Facebook sues Israeli firm over alleged WhatsApp hack | Blue Dog Dems push election security funding Amazon poised to escalate Pentagon 'war cloud' fight MORE (D-R.I.), a member of the cybersecurity subcommittee, said he is “angry and frustrated” by the attacks and intends to bring up the issue with Richmond.

Ransomware attacks also came up during a Senate Homeland Security hearing this week, when Sen. Maggie HassanMargaret (Maggie) HassanHillicon Valley: Facebook launches 'News Tab' | Senate passes bill to take on 'deepfakes' | Schumer outlines vision for electric cars Senate passes legislation to combat 'deepfake' videos Hillicon Valley: Senators seek national security review of TikTok | TikTok denies claims of Chinese government influence | CNN chief rips Facebook policy on political ads | Dem questions DHS' handling of personal data MORE (D-N.H.) asked three former Homeland Security secretaries what Congress can do.

Michael Chertoff, who served under former President George W. Bush, and Jeh Johnson, who served during the Obama administration, both highlighted the need to educate state and local government employees on how to identify potential cyber threats.

“One thing that we could be doing would be to help localities do some basic things to secure their infrastructure, including things like for example having backups for data, it’s not going to eliminate the problem, but it’s going to reduce the issue,” Chertoff said.

Johnson pointed to the need to make sure that those with access to key systems know how to prevent threats.

“You’d be surprised by the number of people who don’t know how to respond to a suspicious email, and a lot of these attacks begin with an act of spear-phishing, somebody opened an email or an attachment they shouldn’t have opened, so simply raising the awareness among people we entrust with the system goes a long way,” Johnson said.