Congress May Be Forced To Disclose Ransomware Attacks

During a Senate hearing on Tuesday, federal cybersecurity officials urged Congress to pass new laws that would require private businesses and organizations that become targets of ransomware attacks to disclose the details of the attack – including details of any ransom demands and/or payments made to private entities.

Richard Downing, an official from the criminal division at the Justice Department, told the Senate Judiciary Committee that requiring disclosure of ransomware attacks to federal authorities would allow the government to better track the hacks, apprehend the perpetrators, and help prevent future attacks.

While cyberattacks have been a persistent problem over the past decade, the recent spate of massive, crippling attacks on the computer systems of the US government, as well as the Colonial Pipeline attack in May and the ransomware attack on the meat producer JBS, have highlighted the need for increased cybersecurity protections both within the government and within the private sector.

Eric Goldstein, the executive assistant director for cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, told the Senators that mandatory reporting of such data breaches and attacks is the primary action cybersecurity officials expect to see from Congress.

In addition to that, Goldstein said that the $20 million response and recovery fund requested by DHS to provide additional cybersecurity assistance to local governments and private entities would be a “critical step forward for us.”

In April, Senator Gary Peters (D-MI) and Senator Rob Portman (R-OH) introduced the Cyber Response and Recovery Act, a bipartisan bill that would provide better coordination between federal and nonfederal entities in responding to serious cyberattacks and breaches.

Last week, the House Energy and Commerce Committee approved eight bipartisan bills designed to better equip the government and private sector with the tools necessary to handle this recent explosion of cyber-intrusions and ransomware attacks.

Two weeks ago, the Biden Administration formally blamed China for the hack of Microsoft Exchange servers that took place in March. However, President Biden made it clear that the US would not sanction the Communist Chinese Government for the hack – explaining that the Chinese government isn’t doing the hacking itself; it is only “protecting” the hackers.

So long as the President of the United States is unwilling to deal with hostile nations that aid and abet these kinds of cybersecurity threats, no amount of legislation from Congress will make much difference.