Lawmakers are looking to create a new strategy in the fight against ransomware in the United States. Yesterday, the House Homeland Cybersecurity subcommittee heard from members of the Institute for Security and Technology (IST) Ransomware Task Force which is made up of 60 experts from industry, government, nonprofits and academia. The task force published a report that outlined 48 policy solutions for lawmakers and the private sector. Both the White House and the Department of Homeland Security agree that ransomware is a national security risk and a whole of government approach needs to be taken to combat the growing threat.
Analyst Notes
Ransomware is not a new threat but it has been steadily growing in economic impact and the recent widespread attacks involving government agencies has put ransomware at the top of policy makers’ minds. The White House has taken some action in adding Cybersecurity policies into the American Relief Act, and appointing a National Cybersecurity Director. Congress is now looking to the private sector for expert advice on how to combat this growing threat. The report offers several solutions and suggestions, to include a recovery fund for victims of ransomware. The fund would aim at reducing the number of organizations that pay ransoms because they would receive aid from the government to recover systems and data without interacting with the criminals. The report also recommends that countries band together to put economic pressure on nations that knowingly harbor cybercriminals and which refuse to investigate or prosecute their citizens for crimes committed against businesses in other countries. Another recommendation is that the cryptocurrency exchanges that enable ransomware payments should be regulated by governments and required to identify their customers identities, removing the ability of criminals to remain anonymous while accepting millions of dollars in extortion payments. None of these solutions or suggestions will stop ransomware by itself, but taken together, these policy approaches could allow positive progress to be made on the issue.
Sources: https://www.washingtonpost.com/politics/2021/05/06/cybersecurity-202-lawmakers-scramble-legislative-solutions-growing-ransomware-crisis/
https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf
