Congress Inches Toward Response to Ransomware Attacks

CONGRESS, FEDS MAKE MOVES ON RANSOMWARE ATTACKS, but a clear fix for the expensive cybercrime epidemic is far from clear. The Senate Homeland Security Committee took a step forward on Wednesday, advancing a bill that would require hospitals and oil and natural-gas pipeline companies, among other critical infrastructure operators, to report cyberattacks and ransom payments within 72 hours. Chairman Gary Peters said he wants the bill tacked onto the broader annual defense authorization package.

Who is responsible for reporting ransomware attacks remains a point of contention. Florida GOP Sen. Rick Scott didn’t want reporting requirements for small businesses and Ohio Sen. Rob Portman successfully added an amendment to exempt small businesses from having to tell the government they paid a ransom. Sen. Elizabeth Warren introduced a separate reporting requirement bill for a broader group of companies and public entities—it exempts individuals—that pay ransoms to regain access to their computer systems so federal authorities will have more comprehensive data on the extent of the problem.

The executive branch picked this week to move, too. On Wednesday, the Homeland Security Department said it would require “high-risk” rail and transit systems to have plans for major cyberattacks and will require reporting of cyber incidents, among other measures. That same day, the Justice Department said it would impose large fines on federal contractors that fail to disclose cybersecurity breaches.


What do you think the federal government should do to address ransomware attacks? Join the conversation below.

Ransomware attacks have gotten more expensive as emboldened thieves demand higher and higher payments that the FBI has tried to discourage companies from paying. From 2019 to 2020, the total amount paid by ransomware victims increased by 311%, according to a report by the Institute for Security and Technology. Recent attacks have hobbled oil infrastructure like the Colonial Pipeline and meatpacker JBS SA before the companies paid millions to regain control.

The bipartisan infrastructure bill currently awaiting passage in the House also includes $100 million over the next five years to support a cyber rainy-day fund for government agencies that face major cyberattacks.

AN 1872 MINING LAW that still governs how critical minerals can be extracted from federal lands is likely to get an update in the Democrats’ budget reconciliation package, but they haven’t yet settled on their strategy for doing so. A House-passed proposal to impose an 8% gross royalty on new mining projects and a 4% gross royalty on existing mines on federal lands may not satisfy some Democrats in the Senate, including Natural Resources Committee Chairman Joe Manchin and Nevada Sen. Catherine Cortez Masto, who is up for re-election in the mineral-rich state in 2022.

Republicans and the mining industry have decried the proposal as a potential death knell for mining in the U.S. The legislation “would result in severe reduction of new operations and economic infeasibility to move forward on a project” and hinder domestic development of supply chains for solar panels and electric vehicles, warned National Mining Association General Counsel Katie Sweeney at a Tuesday hearing. Arkansas GOP Rep. Bruce Westerman called it “death by a thousand cuts.”

But Manchin took a different view, noting that coal firms (like in his state of West Virginia) go into contracts understanding that they have to pay royalties to landowners, whether private or federal for reclamation: “The fact that over $5 billion of minerals can be mined each year, taken off of federal land, and sold without a single penny in royalties, is just crazy.” Cortez Masto said she opposed the House proposal and the use of budget reconciliation to pass a mining overhaul but said a compromise on royalties was possible.

D.C.’S STATEHOOD BID takes another hit, this time from the Supreme Court. The court on Monday affirmed that D.C. isn’t constitutionally entitled to voting representation in Congress, dashing the hopes of some statehood activists who wanted to circumvent Congress in their quest for more district autonomy. The case, brought by D.C. residents who argued that lack of representation violated their equal protection rights, was essentially a repeat of a 2000 case that similarly found no right to congressional representation because the district isn’t a state. There were no hearings on the case, just a short order citing the 2000 ruling as precedent.

BACK FROM NEW ZEALAND, where her husband, former Sen. Scott Brown, served as ambassador under the Trump administration, Republican Gail Huff Brown officially announced plans to run for a battleground House seat in New Hampshire. Brown previously attempted a political comeback in New Hampshire after losing his Massachusetts seat, but he lost to Democratic Sen. Jeanne Shaheen. Huff Brown was a news anchor in the Boston area and has never held public office. The couple now lives in New Hampshire, where Huff Brown will challenge Rep. Chris Pappas. She says Pappas doesn’t “represent our Granite State values.” The Democratic Congressional Campaign Committee has accused her of being a carpetbagger and political opportunist.

MINOR MEMOS: Senate Judiciary Committee Chairman Dick Durbin mocks Cyber Ninjas firm that conducted GOP-ordered review of Arizona election: “$5.7 million spent on the Ninja Turtles”…President Biden warns press during visit to Michigan union training center: “I am learning how to fly drones, guys, so be careful”…U.K. Prime Minister Boris Johnson puts a twist on Biden’s economic-agenda slogan with his own for conservation efforts for forests and rivers: “Build back beaver, I say!”

Write to Gabriel T. Rubin at

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8