U.S. Sens. Marco Rubio (R-FL) and Dianne Feinstein (D-CA) introduced last week legislation designed to strengthen critical infrastructure cybersecurity and address foreign governments knowingly harboring cybercriminals.
The Sanction and Stop Ransomware Act seeks to initiate critical infrastructure standards, cryptocurrency regulations, state sponsorship of ransomware designations, sanction authority, and establish ransomware reporting requirements.
Additionally, the legislation would require the Cybersecurity and Infrastructure Security Agency (CISA) to establish an Information System and Network Security Fund as a means of enabling network recovery from an event impacting eligible entity network cybersecurity of the eligible entity with $1.5 billion authorized for 10 fiscal years.
“Ransomware attacks threaten the health and safety of countless Americans,” Rubio said. “Our bipartisan bill provides the tools necessary to help safeguard critical infrastructure while discouraging and disrupting these criminal organizations, including the regimes who harbor them. It is time for the United States to take strong, decisive action to protect American businesses, infrastructure, and government institutions.”
Feinstein said cybercriminals target small companies, large corporations, and government agencies using ransomware.
“Congress must do more to support all organizations and companies struggling to deal with these escalating attacks,” she said. “Our bill will help the private and public sectors avoid ransomware attacks, reduce incentives to pay ransoms, and hold foreign governments accountable if they provide a safe haven for ransomware perpetrators.”