48.0°,
Overcast Senator touts cybersecurity legislation
Following a recent spike in cyberattacks on municipalities and school districts — including this summer’s ransomware attack on the Rockville Centre School District, which forced officials to pay $88,000 to retrieve the data — a growing chorus of elected leaders are calling for action to end them.
U.S. Sen. Charles Schumer came to South Side High School on Monday to call on Congress to pass the Department of Homeland Security Cyber Hunt and Incident Reponse Teams Act of 2019, which has been stalled in committee in the Senate since April.
If passed, the act would authorize DHS to provide special response teams to aid “federal and non-federal entities” that have been attacked in retrieving stolen data and figuring out how to prevent future attacks. The bill does not define what it means by “entities.”
“Very bad people, usually from Eastern Europe, come in, hack computers in school districts, police stations, hospitals, lock them up and say, ‘Unless you pay me a large sum of money, we’re going to keep your system down,’” Schumer said. “We’re here to say there has to be an answer.
“These hackers are sophisticated, but the Department of Homeland Security knows how to fight this,” he continued. “Today we are pushing a new plan that demands that the federal government take a mega bite out of these ransom hacking crimes to stop the culprits from getting bolder and bolder.”
Schumer has also asked the FBI to make ransomware attacks a priority. He has requested that the FBI brief him on recent attacks so he can inform Congress. He said the information would help lawmakers better understand the challenges posed by cryptocurrencies and what additional funding or authority need to be provided legislatively. The FBI and DHS can, Schumer noted, work together to help local communities investigate the attacks and identify the attackers.
“We need the double punch of the FBI and Homeland Security,” the senator said.
And, he added, “It’s good to have the feds involved — the hackers use Bitcoin, and the FBI and Homeland Security know how to trace it. They can go after them and either try to extradite them or tie up their systems by using offensive cyber warfare.”
U.S. Rep. Kathleen Rice, of Garden City, attended the news conference, along with State Sen. Todd Kaminsky, Assemblywoman Judy Griffin, Mayor Francis X. Murray and Dr. Christopher Pellettieri, assistant superintendent of curriculum and instruction for Rockville Centre schools.
“There is no question that the cyber threats have drastically increased in just the past few years,” Rice said. “These criminal hackers are only growing bolder and more sophisticated — they will stop at nothing to extort taxpayer dollars, even if it means preying upon sensitive student information.”
Rice said that cities such as Atlanta, Baltimore and Albany have paid millions of dollars to retrieve their data, but it can be costlier to recover data in smaller towns and villages because they don’t have the same cybersecurity resources of major cities.
The government needs to be more aggressive in pursuing and apprehending hackers, she said, adding, “We need the Senate to act quickly to pass this bill,” referring to the cyberhunt measure.
On July 25, the Rockville Centre School District was attacked by the Ryuk virus, a malware that encrypts data. It took several weeks to retrieve the bulk of the files, and the district paid $88,000 in Bitcoin through its insurance. Its deductible was $10,000.
The Mineola School District was also targeted by the virus, but didn’t pay the ransom because it had taken its backup offline, and the damage was not as extensive.
Kaminsky, who is from Long Beach, noted that the Rockville Centre district was relatively fortunate, because it had budgeted for the insurance premiums and had insurance that covered the cost of the ransom.
“Many school districts would simply not have $100,000 and would be in a catastrophe if this were to happen to them,” the senator said.
Schools across the nation have ramped up efforts to protect students and staff from physical attacks, but more resources need to be devoted to protecting schools’ digital information, Kaminsky noted.
“School security now means something else and that’s cyber security,” he said. “We’re going to need to step up our efforts. Our schools are sitting ducks, waiting to be preyed upon. They need the technological know-how, and they need federal and state resources to help them.”
Pellettieri said it was disappointing that Rockville Centre had to be used as an example, yet he hoped that informing others of the issue would reduce the likelihood of a reoccurrence or an attack on another district. The district worked with the FBI and DHS to recover its data, and the organizations are still investigating.
“It’s not a matter of if there’s going to be an attack,” Pellettieri said. “It’s a matter of when and what district.”
Schumer agreed. “If we don’t stop this now,” he said, “you can be sure that many more school districts, municipalities, police stations, hospitals and private entities will be attacked in the future.”
