Top U.S. Cyber Experts Highlight Need for Congressional Action to Combat Dangerous Ransomware Attacks
Washington, D.C. (November 16, 2021)—Today, Rep. Carolyn B. Maloney, the Chairwoman of the Committee on Oversight and Reform, held a hearing where the nation’s top cybersecurity experts testified on the Biden-Harris Administration’s recent efforts to tackle ransomware as well as ways Congress can improve public-private sector coordination to address this damaging problem.
“Just this weekend, it was reported that the FBI—our premier law enforcement agency for investigating cybercrimes—was itself the victim of a hack that allowed emails to be sent from FBI email servers disguised as genuine FBI emails. In short, we are at a tipping point as cyberattacks have become more common and potentially more damaging,” said Chairwoman Maloney in her opening statement.
Ahead of the hearing, Chairwoman Maloney released a new staff memo showing preliminary findings of the Committee’s investigation into the ransomware attacks on CNA Financial, Colonial Pipeline, and JBS Foods. The memo examined how these ransomware attacks unfolded and how legislation and policies may be developed to counter the threat of ransomware.
The Committee heard testimony from Chris Inglis, National Cyber Director; Brandon Wales, Executive Director for the Cybersecurity and Infrastructure Security Agency; and Bryan Vorndran, Assistant Director, Cyber Division for the Federal Bureau of Investigation.
Committee Members and witnesses highlighted the dangers of paying ransom to cyber criminals and underscored the need to implement a “whole-of-government” strategy to better share information between private and public entities.
- In response to a question from Rep. Connolly, Assistant Director Vorndran reiterated the federal government’s longstanding position that it does not recommend paying a ransom, stating, “it fuels a huge criminal enterprise.”
- Asked by Rep. Ocasio-Cortez whether paying a ransom would guarantee that a company could recover its systems, Assistant Director Vorndran replied: “There are no guarantees that if any corporation, organization, or entity pays ransom that it will necessarily be decrypted. We have cases between us and CISA where the decryption keys provided by the actors have not worked.”
- In response to questioning from Rep. Wasserman-Schultz about the findings in the Committee's staff memo that some companies did not know to contact the federal government in the case of a ransomware attack, Director Inglis stated that he agreed with the core finding that “it is essential that the federal government be joined up and coherent as individual citizens or organizations attempt to report or to seek service from that government.” Director Inglis added that when companies report attacks to the federal authorities, it allows the government to “bring all of our various authorities and resources to bear.”
- In response to questioning from Rep. Connolly, Director Inglis testified that his office and others in the federal government must collaborate to harness their “diverse strengths,” adding, “we understand that we must integrate and collaborate such that we discover and do things together that no one of us can do alone.”
Witnesses unanimously supported an incident reporting requirement, highlighting the dangers of incomplete data on ransomware attacks.
- Each of the witnesses expressed their support for legislation requiring that companies report ransomware attacks to CISA and the FBI. Assistant Director Vorndran stated, “I can't stress enough the importance of the FBI receiving full and immediate access to cyber incidents so we can act on them as soon as possible and in unison with our federal partners at CISA.”
- Executive Director Wales agreed that “passing cyber threat notification legislation is a top priority, we need the information because that enables CISA and the FBI to both engage with that victim, offer our assistance, understand what’s happening from on their networks and protect other victims.”
- In his written remarks, Director Inglis stated that the Biden-Harris Administration “supports legislative efforts to require cyber incident reporting—including ransomware payments—to both the FBI and CISA, that will help prioritize the use of precious resources to support victims, disrupt threat actors and guide future investments to improve resilience.”
- In response to questioning from Rep. Tlaib, Assistant Director Vorndran emphasized that in the event of victims paying a ransom, the federal government should “be notified as soon as possible when that ransom is paid so we can do our best to track the money.”
The witnesses also testified that the Biden-Harris Administration has taken swift steps to address current cyber vulnerabilities, strengthen our cyber defenses, and lead on the global stage to tackle these challenges alongside our international partners.
- In response to a question from Rep. Keller, Director Inglis highlighted the efforts the Biden-Harris Administration has taken to track down ransoms and share information with the private sector, stating: “We have followed the money flows and apprehended that money when and wherever possible. We have used our intelligence resources to assist the private sector in understanding what the threats to them are, and at the same time give them best practices so they up their game and become a harder target.”
- Director Inglis laid out the Biden-Harris Administration’s approach to confronting Russia and other countries that provide a safe haven to cybercriminals, stating the federal government “has been very clear with the Russians about what we expect normal behavior looks like” and emphasized that the Administration “brought an international coalition to bear to make the same statement.” Director Inglis stated that the Biden-Harris Administration “would withhold certain diplomatic status, certain economic benefits” should Russia continue to harbor these actors.
- Director Inglis testified about the substantial progress the Administration, and the Office of the National Cyber Director, has made: “Over the last few weeks or months you have seen some evidence that [our efforts] are beginning to succeed against the nature of the threat, which is long in the making. It’s not unlike climate change, which is decades in the making, and therefore can’t be turned around in a fortnight.”
During the hearing, Committee Members underscored that combatting ransomware attacks is a crucial, bipartisan issue.
- Opening the hearing, Chairwoman Maloney highlighted the dangers of ransomware attacks and how fighting such malevolent actors should unite all Americans: “[T]his is a bipartisan issue. Everyone in the country is deeply concerned about cybersecurity, and I hope that we will be able to work with ways to strengthen protections for American business and government.”
- In a closing statement, Rep. Grothman commented on the importance of the hearing, stating: “I’d like to thank you for having the hearing. I thought it was a good bipartisan hearing without the partisan rancor that you sometimes have. I’d like to thank our guests for being here. This is a very important topic and failure is really not an option.”
- Rep. Sessions also thanked the Chairwoman for holding the hearing, stating, “I think it’s well worth our time and important questions are being asked.”