WASHINGTON —Energy Secretary Jennifer Granholm said Sunday that she supports a law that would ban companies from paying ransoms to hackers holding their information hostage, comments that come after a spate of recent cyberattacks on companies responsible for crucial parts of the U.S. infrastructure.
In an interview with “Meet the Press,” Granholm acknowledged that she’s not sure if Congress or President Joe Biden is ready to take that step, but she warned that paying ransoms only emboldens hackers even more. And she said that private companies need to take responsibility and tell the federal government when they are attacked for the good of the country.
“Everyone needs to wake up and up their game in terms of protecting themselves, but also in terms of telling the federal government if they are a target of attacks. Many of these private companies don’t want to let people know, they should not be paying ransomware but they should be letting us know so we can protect the rest of the country,” she said.
“I don’t know whether Congress or the president is at that point,” she said of a ban on paying ransom to cybercriminals, “but I think we need to send this strong message that paying a ransomware only exacerbates and accelerates the problem. You are encouraging the bad actors.”
June 6, 202100:54
While cyberattacks aren’t new, recent, high-profile attacks have shined a light on the vulnerabilities that have threatened both key infrastructure and supply chains in America and around the world.
Last month, an attack on Colonial Pipeline prompted the company to shut down key pipelines that supplied the eastern United States, causing gas shortages and skyrocketing prices. And last week’s attack on JBS, one of the world’s largest meat suppliers, briefly raising concerns about a broader ripple effect on the meat industry.
Both of those attacks involved ransomware, an attack that involves hackers infiltrating a system and demanding a ransom. And Colonial Pipeline ultimately paid the hackers ransom.
Cybersecurity experts have long warned about these types of attacks, particularly by hacking groups based in Russia, where U.S. officials say hackers are given broad leeway as long as they only attack the West.
NBC News reported that the White House is considering cyberattacks against Russian actors hackers in the wake of the recent incidents.
Sen. Roy Blunt, R-Mo., called on the U.S. to treat Russia as “virtually a criminal enterprise” in order to push back against a spate of cyberattacks and other aggressive actions by the country.
Blunt, head of the GOP Senate’s policy arm, argued that the U.S. needs to meet Russian aggression with a stronger offensive push, saying that retaliatory cyberattacks are one way to push back.
“You really have to treat Russia like it’s virtually a criminal enterprise. They harbor criminals, they don’t appreciate the rule of law or any kind of level of personal freedom,” Blunt said in an exclusive interview on “Meet the Press.”
“We have to push back when there’s no penalty, there’s no sanctions, it’s hard to find who is doing it and even when you can find where they are, we haven’t really effectively sanctioned the countries that are protecting this kind of activity.”
Senate Intelligence Committee Chair Mark Warner, D-Va., warned in a separate interview that the scale of these cyberattacks represent an even larger risk if hackers decide to take aim at critical infrastructure.
Warner said that the debate over whether to outlaw paying ransomware attackers is a “debate worth having.” But he pitched a three-prong strategy: legislation that would require companies to notify the government when hacked, an effort to foster international cooperation to hold bad actors accountable, and pushing for additional transparency if a company decides to pay a ransom.
June 6, 202107:26
“We’ve been talking about cyber for a long time, but finally, the American public is starting to wake up to the ramifications of these cyberattacks,” Warner said.
“What I’m really worried about is if we saw the kind of massive, across-the-system attack that took place last year, the SolarWinds attack. There, Russians got into 18,000 different companies. If that attack had been an effort to shut down our system, our economy would have come to a halt.”
Source: | This article originally belongs to Nbcnews.com
