The House Energy and Commerce committee passed eight bipartisan bills this week to better equip the government and businesses with tools to handle the recent explosion in ransomware attacks.
The bills, which passed with overwhelming bipartisan support, are focused on increasing coordination between the government and relevant industries, implementing cybersecurity best practices, educating everyday technology users, limiting the use of Chinese devices, and strengthening the security programs at the Federal Communications Commission and the National Telecommunications and Information Administration.
Despite cyberattacks being a common problem in the past decade, it is the recent series of massive attacks on the computer systems of the federal government, the Colonial Pipeline, and the meat producer JBS that have brought mainstream awareness to the need for increased cybersecurity protections within governments and businesses.
“It’s encouraging that these eight cybersecurity bills are part of a whole government effort to tackle ransomware and hacks,” said Jim Zuffoletti, co-founder and CEO of SafeGuard Cyber, a firm that provides digital risk protection from ransomware attacks and other computer security issues.
He noted the federal government has also created a multi-agency cybersecurity task force, provided new security guidelines to businesses, and implemented relevant executive orders after the slew of major ransomware attacks earlier this year.
“But the government cannot solve this problem on its own. Citizens and private companies have an important role as well. They all have to work at it together,” he said.
Some of the most notable bills within the package of legislation include the NTIA Policy and Cybersecurity Coordination Act, which would give the agency new powers and allows it to gather key information from other stakeholders inside and outside the government more easily; the FUTURE Networks Act, which would focus on mobile phone security, particularly within future technology such as 6G wireless; the Secure Equipment Act of 2021, which would direct the FCC to prevent devices from Chinese companies, such as Huawei and ZTE, to be integrated into the government; and the American Cybersecurity Literacy Act, which would require the NTIA to create a cybersecurity literacy campaign to educate people about common cybersecurity risks and best practices.
One cybersecurity vulnerability not addressed by the eight bills, Zuffoletti said, is industries outside of telecommunication companies that are considered critical infrastructure, such as energy companies, food producers, and water sanitation plants.
Nevertheless, the bill sponsors say the legislation package will make the United States far better prepared for future cyberattacks if it becomes law.
“Collectively, these bipartisan bills will educate the public, smaller providers, and small businesses on how best to protect their telecommunications networks and supply chains — all while improving the coordination and resources necessary to support them,” said House Energy and Commerce Chairman Frank Pallone, a Democrat from New Jersey.
One key purpose for the bills is to increase coordination between the federal government and affected businesses and industries.
“These bills will really improve the information sharing and cybersecurity readiness testing of the government by forcing all the right people to get into a room and fix things,” said Shane Tews, a senior fellow who focuses on cybersecurity and technology issues at the American Enterprise Institute, a right-of-center think tank.
“Hopefully, we get to a stage where the government is gaming out cyber problems and vulnerabilities in advance and then sending out software patches to solve them every week, like Microsoft, and other companies do internally on a regular basis,” she added.
The eight bills are expected to be brought to the House floor in the coming months, likely within a larger tech and healthcare bills package, with broad bipartisan support.
Author: Nihal Krishan
Source: Washington Examiner: Panel advances bipartisan cybersecurity bills in race against ransomware attacks