Cyberattacks Are on the Rise. What Can Congress Do?

The past few months have revealed how disruptive ransomware attacks can be to our economy and everyday lives. In May, a Russian hacking firm attacked Colonial Pipeline, shutting it down for days. Americans endured long gas lines and closed stations and the company ended up paying $4.4 million in ransom to the hacking company, DarkSide.
On July 2, the IT firm Kaseya announced it had been targeted in an attack that ended up affecting between an estimated 800 to 1,500 companies on five different continents. Here, too, the hackers were a Russian firm: the REvil ransomware group demanded $70 million to undo the damage.
A ransomware attack even affected the day-to-day work done by congressional staff. iConstituent, a system that many offices on the Hill use to coordinate constituent services, was targeted in an attack months ago. Nearly 60 House offices were affected by the attack, making it impossible to access some constituent information for weeks, Punchbowl News reported.
Companies like DarkSide and REvil are not state actors, but experts and lawmakers say it is impossible for companies to pull off attacks like this without the Russian government knowing about it. In a call earlier this month, President Biden told Russian President Vladimir Putin that the United States “will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”