Senators unveil legislation to crack down on cyber criminals

A bipartisan group of senators on Thursday unveiled legislation intended to crack down on cyber criminals, who have increasingly posed a threat to critical U.S. organizations. 

Sens. Lindsey Graham (R-S.C.), Sheldon Whitehouse (D-R.I.) and Richard Blumenthal (D-Conn.) introduced the International Cybercrime Prevention Act, which would enhance criminal violations for hackers targeting critical infrastructure such as dams, power plants, hospitals and election equipment.

It would also expand the Justice Department’s ability to go after botnet groups by allowing injunctions against botnets involved in certain destructive cyberattacks, destruction of data or other issues that pose a violation of the Computer Fraud and Abuse Act. 

Further, the bill would ban the sale of access to a compromised computer if the buyer intends to use this access to create damage, and it cracks down on the sales of certain surveillance and spyware devices. 

“From the criminal enterprise point of view, we have to up the cost of doing business here. These people are making probably millions of dollars, and the penalties are inadequate to the crime,” Graham told reporters at a press conference on Capitol Hill Thursday. “That is what we are here today to deal with, is give prosecutors more tools to shut down botnets and increase the cost of doing business by increasing criminal penalties.”

Whitehouse told reporters Thursday at the same press conference that there “ought to be some red faces” in both government and the private sector on cybersecurity following recent attacks on Colonial Pipeline, meat producer JBS USA and other critical organizations. 

“Partly it’s the national cybersecurity establishment that needs to step up its game, and partly it’s the corporate community that has been caught with its figurative trousers down having said for years, ‘don’t worry, we’ve got this, don’t regulate us,’” Whitehouse said.

Blumenthal pointed to the need to combat botnets and other cyber threats, which he saw as out of control.

“What we’re seeing here is not just a weed, it’s an invasive species, it’s comparable to an invasive species that needs to be stopped in your garden before it takes over everything in that garden,” Blumenthal said. “Here the garden will succumb to that invasive species if we don’t stop it.”

The bill was previously introduced by the same sponsors in 2018, but did not get a vote in the Senate. Graham told reporters that he would “insist” on attempting to add the bill to any potential Senate agreement on an infrastructure package. 

The bill was introduced after a year in which cyberattacks have spiked worldwide against a number of critical groups, including health care organizations and hospitals amid the COVID-19 pandemic. Schools, local governments and other critical organizations have also often been targeted.

In addition, threats from foreign nations such as Russia and China have increased, with the Russian government linked by U.S. intelligence agencies earlier this year to the SolarWinds hack. The incident allowed the hackers to conduct espionage in the systems of nine U.S. federal agencies and at least 100 private sector groups for most of last year prior to discovery. 

The recent attacks linked to either the Russian government or cyber criminal groups assessed by the FBI to be based in Russia was top of the agenda Wednesday during the summit between President Biden and Russian President Vladimir Putin in Switzerland. 

Biden told reporters following the summit that he had outlined the “significant” cyber operations of the U.S. government to Putin, and warned him against further malicious activities in cyberspace. 

Graham said Thursday that the new legislation would help in pursuing cyber criminals harbored by Russia involved in recent attacks on Colonial Pipeline and JBS USA. 

“I don’t think Putin is going to stop until the pain is real. I think the likelihood of criminal enterprises this large operating in Russia without his knowledge is zero, and the offensive capability of the United States is large,” Graham told reporters. 

Whitehouse pointed to the increased threats as intensifying the need for the new legislation to become law. 

“If there ever was a time to get this done, this is it. We are going to work very hard to get this passed,” the senator said.