Citing the rapid rise in the number and severity of cyberattacks in the U.S., a bipartisan group of U.S. senators has reintroduced the International Cybercrime Prevention Act, which they say will give law enforcement agencies the tools they need to fight back. The bill was previously introduced in 2018 and is designed to establish new criminal offenses related to computer crimes and to authorize the Department of Justice to pursue additional remedies.
How dire is the threat?
We've covered dozens of ransomware stories over the years, including why ransomware is so effective, the rising costs associated with the crime, and troubling attacks that specifically target healthcare providers.
The United States has been escalating its response to cybercrime, including forming a new federal task force and the issuance of an executive order by Pres. Joe Biden. The senators who have reintroduced the International Cybercrime Prevention Act—Democratic Sens. Sheldon Whitehouse (Rhode Island) and Richard Blumenthal (Connecticut) and Republican Sens. Thom Tillis (North Carolina) and Lindsey Graham (South Carolina)—point to "a spate of crippling cyberattacks this year from hackers based in Russia and around the globe."
Those attacks include the breach of the Colonial Pipeline Company last month, one of the largest ransomware attacks ever, disrupting the nation's fuel supply. "Over the last few months, we have seen the severity cybercrime attacks can have on our nation’s infrastructure, and it is time for Congress to ensure our cyber defense can withstand these attacks in the future," said Sen. Tillis. The senators also cited reports from the FBI and the United Nations that highlighted the rise in cybercrime in the wake of the COVID-19 pandemic; the Center for Strategic and International Studies has logged 56 significant cyber incidents this year with losses of more than a million dollars each. “The more we shift control of everyday life to cyberspace, the more opportunities we open to international cybercriminals,” noted Sen. Whitehouse. “We need to arm authorities to protect Americans against cybercrime,” he said.
What does the proposed bill do?
According to its supporters in Congress, the International Cybercrime Prevention Act would:
- Create a new criminal violation for individuals who have knowingly targeted critical infrastructure, including dams, power plants, hospitals, and election infrastructure
- Enhance prosecutors’ ability to shut down botnets and other digital infrastructure used for a wide range of illegal activity
- Prohibit cybercriminals from selling access to botnets to carry out cyber-attacks
- Allow authorities to confiscate communication devices and other property used to commit cybercrime
Practically speaking, the International Cybercrime Prevention Act adds ransomware and other online attacks to existing legal statutes for racketeering, money laundering and forfeiture. It also expands the range of botnet-enabled illegal activities covered by the law beyond fraud and illegal wiretapping to include the destruction of data, denial-of-service attacks and certain violations of the Computer Fraud and Abuse Act.
Will the Act become law?
This isn't the first time similar legislation has been introduced in Washington, D.C. At a press conference earlier this month, Sen. Graham highlighted previous efforts to call attention to the threat of cyberattacks, including a July 2015 hearing on cybercrime, a May 2016 hearing on ransomware, and an August 2016 hearing on the threat to critical infrastructure. The most recent attempt saw two Senate readings before dying in the Judiciary Committee. That was before the Colonial Pipeline attack, however, which brought widespread attention to the threat of cyberattacks. "How could the single source of gasoline for the East Coast be shut down in 2021?" Sen. Graham asked. "Clearly the private sector has not done its job . . . If the private sector needs help from the government I think we're willing to make sure that happens."
What can businesses do?
Sen. Graham is clearly unimpressed with what the private sector has done to defend critical infrastructure in the U.S.—especially since there is no shortage of resources and information available to businesses looking to step up their cybersecurity. Even the strictly apolitical National Institute of Standards and Technology (NIST), which typically concerns itself with setting official definitions for measurements of time and matter, has weighed in with several security recommendations. Among them? Setting up automatic email scanning to detect and block malware. Paubox Email Suite Plus provides robust email security, including our patented ExecProtect feature, which stops display name spoofing emails from ever reaching the inbox, and Zero Trust Email, which requires an additional layer of proof of legitimacy before delivering an email. In addition, Paubox Email Suite enables you and your employees to send HIPAA-compliant email directly to your recipients' inboxes, a vital feature for any healthcare organization.