Bill Calling for DHS Cyber Incident Mitigation Teams AdvancesSenate, House Versions Now Must Be Reconciled
In the wake of ransomware attacks that have hit the public and private sectors, the U.S. Senate has passed a bill that calls for creating cyber incident response and threat hunting teams at the Department of Homeland Security.
See Also: Splunk Predictions 2020
The DHS Cyber Hunt and Incident Response Teams Act 2019, was approved by the Senate by unanimous consent on Sept. 25. A similar bill passed the House in 2018, and now the two bills must be reconciled in committees, according to Sen. Rob Portman, R-Ohio, who co-sponsored the legislation.
The proposed legislation would creat teams within DHS that would help private businesses, as well as state and local government agencies, respond and recover from cyber incidents, such as ransomare attacks, and rebuild their infrastructure.
Ransomware attacks are hitting a growing number of local and municipal governments, school districts, healthcare organizations and businesses this year. And while some attacks seem like one-off incidents designed to enrich cybercriminals with bitcoin ransoms, others, such as the recent attacks in Texas, appear to more coordinated, with a goal of maximizing the impact (see: Texas Says 22 Local Government Agencies Hit by Ransomware).
A recent Baltimore Sun report about the ransomware attack that damaged the IT systems of that city estimated the cost of cleaning up and recovering at about $18 million (see: Baltimore Ransomware Carnage Compounded by Local Storage). Baltimore lacked proper back-up and data recovery systems that could have helped the IT team recover from the attack much faster and with less expense, the newspaper reports.
Assistance Upon Request
Under the Senate bill, the new DHS teams would provide assistance to those in the public and private sector that request it. The teams also would work on identifying cybersecurity risks, developing mitigation strategies and providing guidance.
Experts from private businesses and security firms would be invited to participate in the DHS teams to provide advice and expertise, Portman says.
In addition to Portman, co-sponsors of the legislation include Sen. Maggie Hassan, D-N.H. and Senate Minority Leader Charles Schumer, D-N.Y.
Schumer notes that several upstate New York school districts, have been bit recent ransomware attacks.
A series of similar incidents in Louisiana school districts forced that state to declare an emergency (see: Louisiana Declares Emergency After Malware Attacks).
Good First Step?
Marcus Hutchins, the British cybersecurity expert who rose to fame by helping to stop the spread of the WannaCry ransomware outbreak in 2017, took to Twitter to note that the legislation was at least a step in the right direction.
They did something similar in the U.K. by forming NCSC, a new branch of GCHQ which works with the private sector to protect U.K. businesses and infrastructure. Was a big step in the right direction.https://t.co/vk16Ipn4Vu— MalwareTech (@MalwareTechBlog) September 27, 2019
Others say the while the legislation may have a temporary impact, much more action is needed to fight against cyberattacks.
"The bill will create a temporary reduction in attack surface by reducing some of the most obvious glaring system misconfigurations and weak password policy issues," says Chris Morales, head of analytics at the security firm Vectra. "In the long term, I don't think much will change though without continuous monitoring and proactive attack surface management."