Friday, September 3, 2021

Review - S 2666 Introduced - Sanction and Stop Ransomware Act

Last month Sen Rubio (R,FL) introduced S 2666, the Sanction and Stop Ransomware Act of 2021. While the bill title emphasizes ransomware defense, this bill covers a wide range of cybersecurity actions. The bill includes a $1.5 billion fund for critical infrastructure cybersecurity support, with a very vague purpose and few congressionally mandated controls. It also addresses:

• Cybersecurity standards for critical infrastructure,

• Regulation of cryptocurrency exchanges,

• Designation of state sponsors of ransomware and reporting requirements,

• Deeming ransomware threats to critical infrastructure as a national intelligence priority,

• Ransomware operation reporting capabilities,

• Duties of the cybersecurity and infrastructure security agency,

Neither Rubio or his sole cosponsor {Sen Feinstein (D,CA)} are members of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. This makes it unlikely that the bill will be considered by that Committee. If the bill were to be considered it is unlikely that the Committee would recommend the bill to the full Senate without significant changes being made. There are just too many mandates, undefined terms and loosely described processes for the business community to accept, and the $1.5 billion authorization for the cybersecurity slush fund is just too large for fiscal conservatives.

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis -

No comments:

/* Use this with templates/template-twocol.html */