A bipartisan group of senators have reintroduced the International Cybercrime Prevention Act that would give prosecutors new tools to fight sophisticated cyber criminals.
The bill, which was initially proposed in 2018, does not have a companion bill in the House. It is backed by Sens. Sheldon Whitehouse (D-RI), Lindsey Graham (R-SC), Richard Blumenthal (D-CT) and Thom Tillis (R-NC).
The measure would create stricter criminal consequences for hackers targeting critical infrastructure, such as the energy grid, and hospitals, election systems and other data rich targets. It comes in the wake of a spate of ransomware attacks that have hit U.S. critical infrastructure targets, such as the Colonial Pipeline incident, meat packer JBS, government agencies and private businesses. Earlier versions of the legislation lacked the impetus of recent cyber attacks to advance it through Congress.
The International Cybercrime Prevention Act re-surfaces roughly one month after President Biden’s executive order on cybersecurity. That executive order, issued in May 2021, specifically mentioned the role IT service providers and their role in cybersecurity more than a dozen times.
Now, many eyes are on the International Cybercrime Prevention Act.
“The more we shift control of everyday life to cyberspace, the more opportunities we open to international cybercriminals,” said Whitehouse. “From ransomware attacks on American companies and critical infrastructure to the pillaging of citizens’ private data for profit, it’s clear we need to arm authorities to protect Americans against cybercrime,” he said.
Here are the bills provisions, according to a fact sheet provided by lawmakers:
- Expands existing legal statutes for racketeering, money laundering and forfeiture and applies them to hackers.
- Authorizes prosecutors to seize tools used in hacking operations and the resulting proceeds.
- Makes it easier for the Department of Justice to go after botnets by expanding the reach of the current law beyond fraud or illegal wiretapping to include distributed denial of service attacks, destruction of data and other violations of the Computer Fraud and Abuse Act.
- Creates a new criminal violation for hackers knowingly damaging systems that control critical infrastructure, such as dams, power plants, hospitals, and election networks. (At the recent G7 conference, President Biden handed Russian President Vladimir Putin a list of 16 critical infrastructure facilities deemed off limits to cyber attacks).
- Prohibits selling access to compromised computers within a botnet. Under current law, it is difficult to prosecute sellers of access to compromised computers especially when the seller is not the person who compromised the computer.
“This bill would supply the Department of Justice with the tools and resources necessary to protect our country from future cyberattacks,” Blumenthal said. “From critical water supplies and natural gas lines to government agencies and our elections, recent attacks have revealed glaring vulnerabilities in our nation’s cybersecurity infrastructure,” he said. “We need the International Cybercrime Prevention Act to bolster our defense against hackers and foreign adversaries who will stop at nothing to disrupt and meddle.”
Sen. Graham said the legislation will dramatically increase penalties for those engaged in cybercrime and cyberterrorism, “sending the message that America will not tolerate such criminal activity against our economy and our people.”