New bill looks to ramp up penalties for ransomware crooks

Three senators are aiming to pass new legislation that expands DOJ's power to go after botnets and stiffens penalties for cyberattacks on critical infrastructure by adding it to the upcoming infrastructure bill.

A bipartisan group of senators on Thursday introduced legislation aimed at creating stricter penalties for cyberattacks against critical infrastructure and providing the Justice Department more leeway in bringing charges against criminals in foreign countries.

The International Cybercrime Prevention Act is co-sponsored by Sens. Sheldon Whitehouse (D-R.I.), Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.).

Whitehouse said the bill takes the existing legal statutes for racketeering, money laundering and forfeiture and "brings them to bear on cyber criminals."

The bill permits law enforcement to seize funds generated from the sale of spyware and to take equipment such as illegal intercept devices used in the commission of hacking campaigns, ransomware and other nefarious activity, according to a fact sheet provided by the lawmakers.

The bill would also make it easier for DOJ to go after botnets by expanding the list of reasons the federal government can seek injunctive relief. Under the current law, DOJ can only seek relief when a botnet is engaged in fraud or illegal wiretapping. The new bill would broaden that activity to include the destruction of data, denial-of-service attacks and certain violations of the Computer Fraud and Abuse Act.

Versions of the bill have been introduced in the past in the House and the Senate, but lawmakers cited the recent attack against Colonial Pipeline as an impetus for reintroducing the bill now.

"How could the single source of gasoline for the East Coast… be shut down in 2021," Graham asked during a June 17 press conference announcing the bill. "Clearly, the private sector has not done its job and I would argue if you're a shareholder of the Colonial Pipeline, you should be really pissed."

(Colonial Pipeline is a privately held concern, founded as a joint venture by a group of oil companies, and now owned mostly by pension funds.)

The senators hope to attach their bill to the highly anticipated infrastructure bill that Congress and the Biden administration have been negotiating for several weeks.

Asked how the bill will deter foreign actors, most of whom reside in host countries that will often passively allow criminal activities such as ransomware attacks, Whitehouse cited DOJ charges brought under the Obama administration against Chinese military officials that acted as a "shot across the bow" warning to other countries.

President Joe Biden during his Wednesday meeting with Russian President Vladimir Putin gave the Russian leader a list of 16 critical infrastructure areas that should be considered off-limits to cyber intrusions. That list presumably maps to the list of 16 critical infrastructure areas designated by the Department of Homeland Security.