6 U.S.C. § 665j | Ransomware threat mitigation activities

(a)

Joint Ransomware Task Force

(1)

In general

March 15, 2022Not later than 180 days after , the Director, in consultation with the National Cyber Director, the Attorney General, and the Director of the Federal Bureau of Investigation, shall establish and chair the Joint Ransomware Task Force to coordinate an ongoing nationwide campaign against ransomware attacks, and identify and pursue opportunities for international cooperation.

(2)

Composition

The Joint Ransomware Task Force shall consist of participants from Federal agencies, as determined appropriate by the National Cyber Director in consultation with the Secretary of Homeland Security.

(3)

Responsibilities

The Joint Ransomware Task Force, utilizing only existing authorities of each participating Federal agency, shall coordinate across the Federal Government the following activities:

(A)

Prioritization of intelligence-driven operations to disrupt specific ransomware actors.

(B)

Consult with relevant private sector, State, local, Tribal, and territorial governments and international stakeholders to identify needs and establish mechanisms for providing input into the Joint Ransomware Task Force.

(C)

Identifying, in consultation with relevant entities, a list of highest threat ransomware entities updated on an ongoing basis, in order to facilitate—

(i)

prioritization for Federal action by appropriate Federal agencies; and

(ii)

1 So in original.

identify  metrics for success of said actions.

(D)

Disrupting ransomware criminal actors, associated infrastructure, and their finances.

(E)

Facilitating coordination and collaboration between Federal entities and relevant entities, including the private sector, to improve Federal actions against ransomware threats.

(F)

Collection, sharing, and analysis of ransomware trends to inform Federal actions.

(G)

Creation of after-action reports and other lessons learned from Federal actions that identify successes and failures to improve subsequent actions.

(H)

Any other activities determined appropriate by the Joint Ransomware Task Force to mitigate the threat of ransomware attacks.

(b)

Rule of construction

Nothing in this section shall be construed to provide any additional authority to any Federal agency.

Pub. L. 117–103, div. Y, § 106Mar. 15, 2022136 Stat. 1056(, , .)

Editorial Notes

Codification

Section was enacted as part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and also as part of the Consolidated Appropriations Act, 2022, and not as part of the Homeland Security Act of 2002 which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions

Pub. L. 117–103, div. Y, § 102Mar. 15, 2022136 Stat. 1038

section 101 of this title“In this division [see Short Title of 2022 Amendment note set out under ]:

“(1)

Covered cyber incident; covered entity; cyber incident; information system; ransom payment; ransomware attack; security vulnerability .—

6 U.S.C. 681 6 U.S.C. 650The terms ‘covered cyber incident’, ‘covered entity’, ‘cyber incident’, ‘information system’, ‘ransom payment’, ‘ransomware attack’, and ‘security vulnerability’ have the meanings given those terms in section 2240 of the Homeland Security Act of 2002 [], as added by section 103 of this division [see also ].

“(2)

Director .—

The term ‘Director’ means the Director of the Cybersecurity and Infrastructure Security Agency.”

, , , provided that: