The Sanction and Stop Ransomware Act, introduced by committee vice chair Marco Rubio, R-Fla., and Sen. Diane Feinstein, D-Calif., directs the Secretary of State in coordination with the Director of National Intelligence (DNI) to identify and impose penalties on states that sponsor ransomware assaults.
The secretary and DNI would be responsible for determining if a ransomware attack was in any way state-supported, including by providing a "safe haven for individuals or groups."
The legislation would then require the U.S. president to slap sanctions on any country designated as a state supporter of ransomware – a policy that is consistent with sanctions levied against state-sponsored terrorism.
|CRWD||CROWDSTRIKE HOLDINGS, INC.||263.09||-1.65||-0.62%|
"Cybercriminals don’t discriminate – they target small companies, large corporations, and government agencies using ransomware," Feinstein said in a statement. "Congress must do more to support all organizations and companies struggling to deal with these escalating attacks."
The legislation comes after months of increasing cyberattacks coming out of Russia and most recently China, following the attack on Microsoft's Exchange email servers last month.
The Biden administration accused the Chinese government of having a hand in the breach. Secretary of State Antony Blinken said China’s Ministry of State Security "fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain."
In an attempt to preemptively counter future attacks, the bill calls for the creation of cybersecurity standards for critical infrastructure groups in both the private and public sectors.
The bill would require "federal agencies, government contractors, and critical infrastructure owners and operators" to report any attack within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA) – which would be tasked with establishing a new ransomware reporting system.
"Ransomware attacks threaten the health and safety of countless Americans," Rubio said in a statement. "It is time for the United States to take strong, decisive action to protect American businesses, infrastructure, and government institutions."