Full Report
Lawmakers decry CISA cuts: 'We are shooting ourselves in the foot'
If a cyberattack leads to a death, that's murder.
A former FBI cyber division chief urged the US Justice Department to consider felony homicide charges against ransomware actors when attacks on hospitals lead to patient deaths.…
Analysis Summary
# Regulation/Compliance: Proposed "Cyber-Homicide" Prosecution and Ransomware Task Force Reauthorization
## Overview
This summary covers recent Congressional testimony addressing the escalation of legal consequences for ransomware actors, specifically advocating for the application of felony murder charges when cyberattacks result in patient deaths. It also addresses the emergency need for reauthorizing and funding critical federal cybersecurity notification and grant programs currently facing significant budget cuts.
## Key Details
- **Issuing Authority:** US House of Representatives (Subcommittee); US Department of Justice (proposed); CISA.
- **Effective Date:** Immediate for program expiration/budget cuts; Proposed for felony charges.
- **Jurisdiction:** United States (Federal prosecution and State/Local grants).
- **Status:** **Proposed** (Judicial expansion of homicide charges); **Expiring** (CISA Information Sharing authorities).
## Requirements
### Mandatory Requirements
1. **Reporting (Proposed):** Enhanced information sharing under the Cybersecurity Information Sharing Act (CISA 2015).
2. **Standard of Care:** Healthcare providers must maintain systems to prevent "dangerous felonies" (ransomware) that could lead to patient harm.
### Recommended Practices
1. **Pre-Ransomware Notification:** Organizations should maintain open channels with CISA to receive early warning indicators.
2. **Task Force Alignment:** Adhere to the 2021 Ransomware Task Force recommendations to mitigate national security threats.
## Affected Organizations
- **Industries:** Healthcare, State & Local Government, Critical Infrastructure.
- **Organization Size:** All entities utilizing networked medical systems or government services.
- **Geographic Scope:** United States.
## Compliance Timeline
- **September 30, 2026:** Expiration of Information Sharing authorities under CISA 2015.
- **Fiscal Year 2027:** Proposed budget cuts to CISA and the State/Local Cybersecurity Grant Program.
- **Current/Ongoing:** DOJ evaluation of "Felony Murder" applications for ransomware incidents.
## Implementation Guidance
### Assessment Phase
- **Risk Impact Analysis:** Evaluate how a system outage (encryption) directly impacts life safety (biomedical equipment, ER diversions).
### Implementation Phase
- **Defense-in-Depth:** Shift focus from mere "disruption" of actors to "shoring up home defenses" through CISA-backed grants.
- **Incident Response:** Integrate legal counsel to prepare for potential investigations if an attack results in a casualty.
### Validation Phase
- **Audit Information Sharing:** Verify that the organization is actively receiving and acting upon CISA threat intelligence.
## Technical Requirements
- **Encryption Protection:** Implementation of robust backup and recovery to prevent healthcare system downtime.
- **Early Warning Systems:** Monitoring for "pre-ransomware" indicators (e.g., initial access broker activity) as identified by CISA's Pre-Ransomware Notification Program.
## Penalties & Enforcement
- **Fines:** Loss of federal grant funding for state/local governments due to budget cuts.
- **Other Consequences:** Potential **Homicide Charges** for threat actors (and potentially those providing material support).
- **Enforcement:** Proposed "Terrorism Designations" for ransomware groups targeting hospitals, allowing for broader DOJ and Treasury enforcement.
## Related Standards
- **Cybersecurity Information Sharing Act (2015):** The primary framework for legal protection when sharing threat data.
- **NIST Cybersecurity Framework (CSF):** Aligns with the Ransomware Task Force recommendations for "Identify" and "Protect" functions.
## Resources
- **Official Documentation:** Congress[.]gov - Transcript of "Cyber-Homicide" Testimony (h-ref: youtube[.]com/live/58UVfeHWMzc)
- **Guidance Documents:** Ransomware Task Force (RTF) Final Report (securityandtechnology[.]org/ransomwaretaskforce/)
- **Tools:** CISA Pre-Ransomware Notification Service (cisa[.]gov)
## Practical Recommendations
- **Engage with CISA:** Despite budget cuts, organizations should remain registered for CISA's vulnerability scanning and notification alerts.
- **Legal Preparedness:** Healthcare CISOs should brief Boards on the shifting legal landscape: ransomware is increasingly viewed not as a "financial crime" but as a "violent felony" if it results in loss of life.
- **Advocacy:** Stakeholders should support the permanent reauthorization of information-sharing authorities before the September 30 deadline.