New legislation aims to create stricter penalties for cyberattacks against critical infrastructure and give the Justice Department more options for bringing charges against criminals in foreign countries.
The International Cybercrime Prevention Act is co-sponsored by Sens. Sheldon Whitehouse (D-R.I.), Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.). It essentially takes the existing legal statutes for racketeering, money laundering and forfeiture and “brings them to bear on cyber criminals,” Whitehouse said.
The bill permits law enforcement to seize funds generated from the sale of spyware and to take equipment such as illegal intercept devices used in the commission of hacking campaigns, ransomware and other nefarious activity, according to a fact sheet provided by the lawmakers.
The bill would also make it easier for DOJ to go after botnets by expanding the list of reasons the federal government can seek injunctive relief. Under the current law, DOJ can only seek relief when a botnet is engaged in fraud or illegal wiretapping. The new bill would broaden that activity to include the destruction of data, denial of service attacks and certain violations in the Computer Fraud and Abuse Act.
Asked about how the bill would deter foreign actors, most of whom reside in host countries that will often passively allow criminal activities such as ransomware attacks, Whitehouse cited DOJ charges brought under the Obama administration against Chinese military officials that acted as a “shot across the bow” warning to other countries.
During the June 16 meeting with Russian President Vladimir Putin, President Joe Biden gave the Russian leader a list of 16 critical infrastructure areas that should be considered off-limits to cyber intrusions. That list presumably maps to theÂ list of 16 critical infrastructure areasÂ designated by the Department of Homeland Security.
This article was first posted to FCW, a sibling site to GCN.