Monday, November 11, 2019

More than 500 United States schools (connected with 54 different education entities such as school districts and colleges) have been infected with ransomware during the first nine months of 2019, according to a recent report by cybersecurity firm Armor, making the education sector one of the leading ransomware targets, following only municipalities as the top ransomware target. We recently noted in this blog the NYS Education Department’s efforts to combat cyber threats against schools.

In a similar move — appearing to take notice of the continuing surge of cyber-attacks on schools, municipalities and other sectors — the US Senate recently approved the “Department of Homeland Security Cyber Hunt and Incident Response Teams Act of 2019”, bi-partisan legislation that directs the Department of Homeland Security (DHS) to maintain permanent “cyber hunt and incident response teams” to assist both government and private entities in their efforts to prevent and, when necessary, appropriately respond to cybersecurity attacks. To become law, the Act – introduced by Senators Maggie Hassan (D-NH) and Robert Portman (R-OH) — needs to pass the US House of Representatives and be signed by the president.

The Act requires DHS to maintain the cyber hunt and incident response teams for the following purposes:

Assisting asset owners and operators in restoring services following a cyber-incident;

Identifying potential cyber intrusions and cyber risks to partners;

Developing mitigation strategies to prevent, deter and protect against cyber threats; and

Providing recommendations to asset owners and operators for improving their network security.

“As cyber threats become increasingly common, it is crucial that everyone from the federal government to local governments … have the resources and support that they need to strengthen their cybersecurity,” Senator Hassan said. “This bipartisan legislation will allow the best minds in cybersecurity to work together to better protect our digital infrastructure and to respond to attacks.”

This is not the first time Senators Hassan and Portman worked together on cybersecurity legislation. In 2018, both the Hack Department of Homeland Security Act (Hack DHS Act) and Public-Private Cybersecurity Cooperation Act (PPCCA) were included in a package of bills that were signed into law.

The Hack DHS Act established a bug bounty pilot program that uses ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS information systems, while PPCCA requires DHS to establishes a disclosure program so that vulnerabilities in DHS’ information systems can be reported and fixed with greater efficiency.

In the coming months, we will watch the House to see how it addresses the Act, and will report in this blog as there is any further movement through the legislative process.