6 U.S.C. § 665j

Current through P.L. 118-106 (published on www.congress.gov on 10/04/2024)

Section 665j - Ransomware threat mitigation activities

(a) Joint Ransomware Task Force

(1) In general

Not later than 180 days after March 15, 2022, the Director, in consultation with the National Cyber Director, the Attorney General, and the Director of the Federal Bureau of Investigation, shall establish and chair the Joint Ransomware Task Force to coordinate an ongoing nationwide campaign against ransomware attacks, and identify and pursue opportunities for international cooperation.

(2) Composition

The Joint Ransomware Task Force shall consist of participants from Federal agencies, as determined appropriate by the National Cyber Director in consultation with the Secretary of Homeland Security.

(3) Responsibilities

The Joint Ransomware Task Force, utilizing only existing authorities of each participating Federal agency, shall coordinate across the Federal Government the following activities:

(A) Prioritization of intelligence-driven operations to disrupt specific ransomware actors.

(B) Consult with relevant private sector, State, local, Tribal, and territorial governments and international stakeholders to identify needs and establish mechanisms for providing input into the Joint Ransomware Task Force.

(C) Identifying, in consultation with relevant entities, a list of highest threat ransomware entities updated on an ongoing basis, in order to facilitate-

(i) prioritization for Federal action by appropriate Federal agencies; and

(ii) identify ¹ metrics for success of said actions.

(D) Disrupting ransomware criminal actors, associated infrastructure, and their finances.

(E) Facilitating coordination and collaboration between Federal entities and relevant entities, including the private sector, to improve Federal actions against ransomware threats.

(F) Collection, sharing, and analysis of ransomware trends to inform Federal actions.

(G) Creation of after-action reports and other lessons learned from Federal actions that identify successes and failures to improve subsequent actions.

(H) Any other activities determined appropriate by the Joint Ransomware Task Force to mitigate the threat of ransomware attacks.

(b) Rule of construction

Nothing in this section shall be construed to provide any additional authority to any Federal agency.

¹ So in original.

6 U.S.C. § 665j

Pub. L. 117-103, div. Y, §106, Mar. 15, 2022, 136 Stat. 1056.

EDITORIAL NOTES

CODIFICATIONSection was enacted as part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and also as part of the Consolidated Appropriations Act, 2022, and not as part of the Homeland Security Act of 2002 which comprises this chapter.

STATUTORY NOTES AND RELATED SUBSIDIARIES

DEFINITIONS Pub. L. 117-103, div. Y, §102, Mar. 15, 2022, 136 Stat. 1038, provided that: "In this division [see Short Title of 2022 Amendment note set out under section 101 of this title]:"(1) COVERED CYBER INCIDENT; COVERED ENTITY; CYBER INCIDENT; INFORMATION SYSTEM; RANSOM PAYMENT; RANSOMWARE ATTACK; SECURITY VULNERABILITY.-The terms 'covered cyber incident', 'covered entity', 'cyber incident', 'information system', 'ransom payment', 'ransomware attack', and 'security vulnerability' have the meanings given those terms in section 2240 of the Homeland Security Act of 2002 [6 U.S.C. 681], as added by section 103 of this division [see also 6 U.S.C. 650] ."(2) DIRECTOR.-The term 'Director' means the Director of the Cybersecurity and Infrastructure Security Agency."

Secretary: The term "Secretary" means the Secretary of Homeland Security.
State: The term "State" means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and any possession of the United States.
Agency: the term "Agency" means the Federal Emergency Management Agency;