At a glance.
- Regulating ransom payments, at the US Federal and state levels.
- Bringing private sector cyber expertise into the US Federal Government.
- Reflections on cyber piracy.
Four US states, Executive Branch consider regulating ransom.
As we’ve seen, four US states are contemplating restrictions on ransomware payments. CSO Online reports expert opinion that mandatory reporting would be preferable, as New York Senate Bills S6806A and S6154, Texas House Bill 3892, North Carolina House Bill 813, and Pennsylvania Senate Bill 726 advance. Advocates of the bans expect that cutting off funding will dissuade attackers; critics worry that organizations facing the alternative of going under or shutting off critical services will keep their situation quiet and turn to shady brokers.
The Federal Government is hesitant to prohibit ransom payments, says CyberScoop, but the Administration is considering a mandatory ransomware reporting regime, according to Deputy National Security Advisor for Cyber Anne Neuberger.
BusinessWire has the results of a survey on ransomware conducted by cloud security firm Menlo Security. Nearly eighty percent of respondents think victims should not pay up. Over half of respondents said the Government should be responsible for protecting organizations from ransomware.
Congress revives plan to rotate industry experts through Federal Agencies.
FedScoop describes the US Senate’s Federal Rotational Cyber Workforce Program Act and its House counterpart, which have gained new life amid growing concern about the Federal cyber talent pipeline. The bills would launch a rotation program where private-sector tech professionals take shifts serving the Government, similar to existing DARPA and Intergovernmental Personnel Act Mobility Program initiatives.
Towards reclaiming the cyber seas?
An opinion in the Brisbane Times weighs an array of responses to the new “pirates of the cyber seas,” including internationally coordinated info-sharing, diplomacy, sanctions, policies, and operations, and the possibility of weaponizing friendly firms. Cisco Talos recently dubbed cyber gangs that “enjoy some kind of protection from governments” ‘privateers,’ a hat tip to the “pirates with papers” of yore, like those enlisted by Britain in the 1700s to reclaim the seas from Spain. Authorities around the world, as we’ve seen, are losing patience with Russian cyber gangs that target political adversaries with impunity.