U.S. Republican and Democratic lawmakers have introduced four bills in Congress aimed at addressing various cybersecurity issues, GovInfoSecurity reported yesterday.
The first bill, the International Cybercrime Prevention Act, would increase the penalties for hackers who attack U.S. critical infrastructure, such as pipelines, hospitals, and power plants.
The bill would give prosecutors new powers to shut down botnets and prosecute individuals who operate them and other types of cybercrime infrastructure and sell access to such botnet networks.
“From the criminal enterprise point of view, we have to up the cost of doing business here. These people are making probably millions of dollars, and the penalties are inadequate to the crime,” Sen. Lindsey Graham, R-S.C., one of four senators supporting the bill, said.
The second bill, the Enhancing K-12 Cybersecurity Act, would provide funding for school districts to improve their cybersecurity. The bill foresees $10 million in funding over the next two years for creating a program that would improve the security of school networks and would be overseen by the Cybersecurity and Infrastructure Agency (CISA). The legislation would also create a registry to track the incidents and allow CISA to share best practices with school districts.
The third bill, the Data Protection Act, would establish a federal agency to safeguard Americans’ personal data. It would also require businesses and government agencies to follow certain procedures when it comes to handling personal data.
The bill also creates a new agency to monitor the transfer of data between large tech firms and transfers of the personal information of over 50,000 individuals.
Plus, a draft of a federal breach notification bill that would require critical infrastructure operators to report a cyberattack to CISA within 24 hours has been circulating.
The proposals unveiled came on the heels of the recent high-impact ransomware attacks and President Joe Biden’s summit meeting with Russian President Vladimir Putin on Wednesday.
Meanwhile, Chris Pierson, CEO of BlackCloak, asserted that “many of these efforts are purely perfunctory, and while some can assist in the prosecution of cybercriminals, most won’t actually solve or mitigate the risk to the U.S. or its critical infrastructure.”