The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks.
The proposed law, the “DHS Cyber Hunt and Incident Response Teams Act,” authorizes the Department of Homeland Security (DHS) to invest in and develop “incident response teams” to help organizations battle ransomware attacks. Part of that means that the DHS would create teams to protect state and local entities from cyber threats and restore infrastructure that has been affected by ransomware attacks.
“Our cyber response teams play an important role in protecting against cyber threats, reducing cybersecurity risks, and helping to get our cyber infrastructure back up and running after an attack occurs,” said Senator Rob Portman (R-OH), a co-author of the plan, in a statement last week. “I am glad the Senate passed our bipartisan legislation and I hope we send it to the president’s desk soon so that we can strengthen our response efforts in the event of a cyberattack.”
In addition to restoring infrastructure hit by ransomware attacks, the legislation-backed incident response teams would also seek to proactively mitigate against cyber threats along with identifying cybersecurity risks, developing mitigation strategies and providing guidance to infrastructure owners.
The teams would be sent to both public and private entities “upon request”; giving each advice on how best to fortify their systems from ransomware, giving additional technical support, and providing incident response for organizations that fell victim to an attack.
Security experts like Allan Liska, Senior Solutions Architect with Recorded Future, applauded the bill. Liska praised the bill’s mandate of inclusion for state, local and tribal government representation, and applauded the fact that the teams are not merely reactive when it comes to cyberattacks – but also have proactive measures to help organizations protect against threats.
“Overall, I think that this is a good bill that, if implemented correctly, could bring much needed relief to state and local governments that reeling from attacks this year,” Liska told Threatpost. “State, local and tribal governments (as well as other entities) can reach out for assessment and advice. One of the biggest complaints we heard from state and local governments in our research is that even if they had the funds to implement appropriate protections, they often didn’t have the time/personnel to do so.”
Chris Morales, head of security analytics at Vectra, told Threatpost that the legislation is a “good first step” – but he wants to see more investment in security from the government in the future.
“It’s a good first step to enable the DHS to assist in providing advice for securing systems and for response when something does occur,” Chris Morales, head of security analytics at Vectra, told Threatpost. “However, that is all this is. A first step. I would like to see the federal and state governments implement a program that provides funding for a security operations center that operates at the scale of a well-funded large financial institution. Without this extra step, all the good advice in the world will be pointless.”
The legislation was first introduced in February 2019 by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH). With the bill being passed in the Senate, it will now be headed to the House of Representatives for approval.
A similar bill has already passed in the House of Representatives in 2018, called the “DHS Cyber Incident Response Teams Act of 2018.” Senators said that the two pieces of legislation will now begin a reconciliation process.
The legislative measures come as both cities and schools – as well as private entities – continue to face ransomware attacks that cripple systems and freeze up data.
In August, Texas officials were left scrambling after up to 22 Texas entities – the majority of which are local governments – were hit by a coordinated ransomware attack which Texas officials said is part of a targeted attack launched by a single threat actor.
In July, Louisiana’s governor declared a statewide state of emergency after a rash of public schools were hit with ransomware, with school districts in the northern part of the state – including Monroe City, Morehouse Parish and Sabine Parish – being impacted.
What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free Threatpost webinar, “Hackers and Security Pros: Where They Agree & Disagree When It Comes to Your Privileged Access Security.” Click here to register.