Expect Congress to take up new measures in 2021 to fight the flood of ransomware attacks hitting public sector organizations along with other pressing cybersecurity issues, a number of legislators and security experts have told The Hill.
That report surfaced even before SolarWinds, FireEye and U.S. government sources described SUNBURST -- an apparent nation state attack allegedly organized by Russia vs. multiple government and corporate targets.
Amid those cyber pressures, lawmakers to look at legislation to allocate federal funds to state and local governments to pump up their cybersecurity defenses, House Homeland Security Committee chairman Bennie Thompson (D-MS) told The Hill, calling it “one of our top priorities next year.”
Thompson said that he and other lawmakers will again try to get passed the State and Local Cybersecurity Improvement Act, a bipartisan bill to establish a $400 million grant program to provide funds to help lower-level government agencies erect digital barriers to cyber attacks. A similar clarion call for support hospitals victimized by ransomware extortionists was issued by ranking member Rep John Katko (R-NY) of the House Homeland Security Committee’s cybersecurity subcommittee, who told The Hill that the attacks on hospitals in his home state should be a “wake up call for lawmakers. We have to take meaningful action to address our vulnerabilities,” he reportedly said. “In the upcoming Congress, I’ll bring cybersecurity to the forefront and work to advance comprehensive measures that strengthen our nation’s cyber defenses.”
Lawmakers also homed in on the nation’s need for continued vigilance to secure U.S. elections from foreign intervention, by all accounts a successful operation in the 2020 elections, so much so that Christopher Krebs, the former director of the nation’s cybersecurity wing, said the election infrastructure came through the day unscathed. “After millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” he said.
Securing voting machines and containing disinformation remain serious concerns for security officials in 2021. “You can’t take your eyes off the ball, you have to continue your diligence,” Christopher Painter, formerly State Department cybersecurity coordinator under the Obama and Trump administrations, told The Hill. “ The attack profile is still there,” he said. “We also need to deal with this difficult issue of social media and how we deal with that given freedom of expression,” Painter reportedly said. “You run into very difficult political issues on that one, but I think that is something we have to do.”
In addition, a key issue for the incoming Biden administration will be funding for state and local governments to secure the electoral process. Last July, the House approved $500 million in election security funding for states as part of a $1.3 trillion appropriations package for fiscal 2021. “We will also work with the incoming Biden administration to continue to improve election security and restore public confidence in the electoral process after months of irresponsible rhetoric from the White House,” Thompson reportedly said. “We will continue to advocate for ongoing, predictable funding for state and local governments to continue to replace outdated election equipment and improve security training for election officials,” he said.
Senate Homeland Security and Governmental Affairs Committee ranking member Gary Peters (D-MI) told The Hill that “Congress and the incoming administration must work together to secure our critical infrastructure and protect our communities and institutions from online attacks — including our health care systems, schools, small businesses and local governments.” Some of those key issues, Senate Intelligence Committee Vice Chairman Mark Warner (D-VA) told The Hill also include “deep fakes, 5G and AI.”
Separately, on Friday, December 11, the Senate sent to President Trump for his signature the fiscal $740 billion 2021 National Defense Authorization Act (NDAA), which creates a new national cybersecurity director position within the White House responsible for coordinating federal cybersecurity policies. The bill, which Trump has vowed to veto, passed in both chambers of Congress with veto-proof majorities.
