Last month Sen Rubio (R,FL) introduced S 2666, the Sanction and Stop Ransomware Act of 2021. While the bill title emphasizes ransomware defense, this bill covers a wide range of cybersecurity actions. The bill includes a $1.5 billion fund for critical infrastructure cybersecurity support, with a very vague purpose and few congressionally mandated controls. It also addresses:
• Cybersecurity standards for
critical infrastructure,
• Regulation of cryptocurrency
exchanges,
• Designation of state sponsors of
ransomware and reporting requirements,
• Deeming ransomware threats to
critical infrastructure as a national intelligence priority,
• Ransomware operation reporting
capabilities,
• Duties of the cybersecurity and infrastructure security agency,
Neither Rubio or his sole cosponsor {Sen Feinstein (D,CA)} are members of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. This makes it unlikely that the bill will be considered by that Committee. If the bill were to be considered it is unlikely that the Committee would recommend the bill to the full Senate without significant changes being made. There are just too many mandates, undefined terms and loosely described processes for the business community to accept, and the $1.5 billion authorization for the cybersecurity slush fund is just too large for fiscal conservatives.
For more details about the provisions of this bill, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2666-introduced
Posts
No comments:
Post a Comment