U.S. companies that provide critical services or have high-value trade secrets should be required to improve their cybersecurity and report hacking attacks to the federal government, national security officials and senators said Tuesday.
The attack on
“We now have a situation in which you can have critical infrastructure companies fail at meeting basic standards of cyber hygiene, and we’re OK with that,” Whitehouse, a Rhode Island Democrat, said. “We don’t have to regulate everybody in the world. But if you’re critical infrastructure we should no longer tolerate this voluntary regime with big companies who know their infrastructure is critical and fail.”
Whitehouse has introduced legislation with Senator
The Justice Department also wants Congress to pass legislation requiring certain companies to notify the federal government about ransomware attacks, Richard Downing, deputy assistant attorney general, testified. The requirement should be for breaches that affect critical supply chains and high-value trade secrets, Downing said.
The department is also seeking help from Congress to improve the ability to disrupt criminal activity and enhance the ability to prosecute those carrying out attacks, who often live in countries that are off-limits to U.S. investigators such as Russia and China, Downing said.
Downing said that Russia is at the top of the list of countries that protect criminals. The U.S. has found connections between criminals carrying out ransomware attacks against U.S. companies and Russian intelligence agencies, Downing said.
“I wouldn’t say that the government of Russia is behind these attacks. However, we do believe they aren’t doing what they could be doing to suppress these attacks,” Downing said.
Although there was bipartisan support for new legislation, the hearing also aired criticism along party lines. Senator
Downing, the Justice Department official, said that “most of the ransom paid by the Colonial Pipeline was recovered,” despite criticism of the administration’s performance.
(Updates with Justice Department official in final paragraph)
--With assistance from
To contact the editors responsible for this story:
Larry Liebert, Andrew Martin
© 2021 Bloomberg L.P. All rights reserved. Used with permission.