More hearings with the House Homeland Security Committee will be necessary before that legislation moves forward, as lawmakers wrestle with details of liability protection and how to oversee security of cloud computing providers and other industries.
Mr. Gallagher, who over the last two years emerged as a rising star among members of his party focused on legislating, said he wanted additional measures passed that would have required companies and institutions operating critical infrastructure to report intrusions or attacks to the federal government.
“We believe Congress should authorize the Department of Homeland Security to establish requirements for critical infrastructure entities to report cyberincidents to the federal government,” Mr. Gallagher said. “But we were unable to get that across the finish line.”
The committee also developed proposals for a “joint collaborative environment” on cyberthreats that would increase information sharing between private companies and the government. While government officials say they have taken steps in that direction, private companies say there are still too many barriers to sharing information — and the commission members agree.
Right now, Mr. Gallagher said, the federal government doesn’t have the infrastructure to share data across agencies and with private businesses. The mind-set must also change, he said.
“It’s a question of how do you change the culture of the intelligence community, such that they’re proactively willing to share things with the private sector as opposed to just hoarding information or demanding information,” Mr. Gallagher said.
What to Know About Ransomware Attacks
Card 1 of 5What are ransomware attacks? This form of cybercrime involves hackers breaking into computer networks and locking digital information until the victim pays for its release. Recent high-profile attacks have cast a spotlight on this rapidly expanding criminal industry, which is based primarily in Russia.
Why are they becoming more common? Experts say ransomware is attractive to criminals because the attacks take place mostly anonymously online, minimizing the chances of getting caught. The Treasury Department has estimated that Americans have paid $1.6 billion in ransoms since 2011.
Is there any connection to the rise of cryptocurrencies? The criminal industry’s growth has been abetted by cryptocurrencies, like Bitcoin, which allow hackers to transact with victims anonymously, though experts see virtual currency exchanges as a weak point for ransomware gangs.
What is being done about these attacks? The U.S. military has taken offensive measures against ransomware groups, and the Biden administration has taken legal and economic action. Recent attacks have propelled ransomware to the top of President Biden’s national security agenda.
Why is the government getting involved? The attacks, which were mostly directed at individuals a few years ago, have dramatically escalated as hackers have begun targeting critical infrastructure in the U.S., including a major gasoline pipeline and meat processing plants.
Some of the legislative proposals — like the establishment of a national cyber director — were fiercely debated, but the panel largely avoided partisan fighting.