Two state senators from New York State introduced bills that would ban municipalities from meeting ransomware attackers’ demands.
On January 14, 2020, NYS Senator Phil Boyle of the 4th Senate District proposed Senate Bill S7246.
Senator Boyle along with his cosponsors Senator George M. Borrello of the 57th Senate District and Senator Sue Serino of the 41st Senate District note in the bill’s text that ransomware attacks are increasingly targeting government agencies. When successful, these attacks cost the governments upwards of hundreds of thousands of dollars in recovery efforts as well as disrupt key city services.
In response to this threat, Senate Bill S7246 proposes the creation of a “Cyber Security Enhancement Fund.” The purpose of this Fund would be to help villages, towns and cities with populations of less than a million residents receive monies for the purpose of upgrading their digital security defenses.
By helping municipalities make these preemptive upgrades, the three Senators argue that New York State could spare NY taxpayers from carrying the costs of a successful ransomware attack. They also feel that an incentive could help local governments move to make those upgrades sooner rather than later. As they note in their Bill’s text:
A small investment in local government cyber security now, can help stop cyber-criminals from profiting on the backs of New York State taxpayers and protect important state and local government services from disruption…. To incentivize these upgrades, the bill will prevent state and local governments from paying ransoms for ransomware attacks after January 1, 2022 by which time they should be able to sufficiently upgrade their cyber-security systems.
Two days after Senator Boyle proposed his bill, NYS Senator David Carlucci of the 38th Senate District proposed Senate Bill S7289. This proposed legislation would similarly ban municipalities from meeting ransomware attackers’ demands, but the bill doesn’t mention the creation of a fund to help local governments improve their digital security posture.
Both bills were in committee as of this writing. It remains to be seen whether they will make it to the New York State’s Senate Floor.
News of these bills come less than a year after the U.S. Conference of Mayors declared that it will no longer meet attackers’ ransom demands in connection to a digital security event.