A bipartisan group of senators introduced legislation yesterday to invoke stronger penalties for ransomware and other attacks against critical infrastructure (CI). The legislation would also equip the Justice Department to pursue criminal charges against foreign-based threat actors. The International Cybercrime Prevention Act will also make it easier for the DOJ to go after botnets as it adds these to actions against which the US can seek injunctive relief. In response, cybersecurity experts Dr. Chenxi Wang and David Stewart offer comments.
<p>It is about time that cybercriminals, especially those that perpetuate ransomware attacks, are prosecuted to the full extent of the law. I am happy to see that the government is considering stricter penalties for those threat actors, many of them are foreign based. Because of the widespread impact of these attacks, I also think it is important to go a step further to establish international coalitions or treaties against ransomware and critical infrastructure attacks, perhaps in the same vein as the nonproliferation of nuclear weapons treaty.</p>
<p>Extending the ability to seek relief when \’modern\’ attack vectors such as APIs are utilized is a very positive step forward. Although ransomware is much in the news currently, there is a constant backdrop of data exfiltration and plain old fraud via the exponentially expanding threat landscape. Therefore being able to aggressively pursue the perpetrators of CI ransomware and other criminal acts is very welcome.</p>