Officials from DOJ, the FBI, Cybersecurity and Infrastructure Security Agency and the Secret Service will testify at a Tuesday hearing on ransomware threats (see 2107150036). Deputy Assistant Attorney General-Criminal Division Richard Downing, FBI Cyber Division Assistant Director Bryan Vorndran, Department of Homeland Security's CISA Executive Assistant Director for Cybersecurity Eric Goldstein and Secret Service Investigations Office Assistant Director Jeremy Sheridan will testify at 10 a.m. in 226 Dirksen.

House Armed Services Strategic Forces Subcommittee Chairman Jim Cooper, D-Tenn., and ranking member Mike Turner, R-Ohio, filed the House version of the anti-Ligado Recognizing and Ensuring Taxpayer Access to Infrastructure Necessary (Retain) for GPS and Satellite Communications Act (S-2166) Thursday. Some lobbyists believe that portends a bid to attach it to the FY 2022 National Defense Authorization Act. The measure would require Ligado to pay costs of GPS users whose operations are hurt by its planned L-band operations (see 2106230050). The bill protects “critical” GPS and satellite communications “networks by ensuring that any costs caused by private sector interference to their frequencies is covered by the private sector,” Cooper said. The Keep GPS Working Coalition and other opponents of Ligado’s L-band plan hailed the bill’s House filing. The Retain GPS and Satellite Communications Act “would put the burden to pay where it belongs: on Ligado,” said the Satellite Safety Alliance. Ligado didn’t comment Friday. The Senate Armed Services Committee remained mum whether the panel attached S-2166’s text or other anti-Ligado language to the version of the FY 2022 NDAA it advanced last week. An executive summary said the measure increases funding for “cutting-edge research and prototyping activities at universities, small businesses, defense labs and industry” on 5G, artificial intelligence and other “critical” technologies. The measure includes an additional $264 million for DOD cybersecurity work. It mandates “the establishment of the microelectronics research network, originally established in the Creating Helpful Incentives to Produce Semiconductors for America Act.”

Senate legislation Thursday would require the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to act to better identify cyberattacks against critical infrastructure. Introduced by Rob Portman, R-Ohio; Gary Peters, D-Mich.; Mark Warner, D-Va.; and Marco Rubio, R-Fla., the DHS Industrial Control Systems Capabilities Enhancement Act would require CISA to ensure “it can better identify and mitigate threats to Industrial Control Systems.” Companion legislation introduced by House Homeland Security Committee ranking member John Katko, R-N.Y., passed the House unanimously.

FCC Commissioner Brendan Carr hailed House Commerce Committee advancement of the Secure Equipment Act (HR-3919). The committee also cleared seven other telecom cybersecurity measures (see 2107210064). HR-3919 and Senate companion S-1790 would ban the FCC from issuing new equipment licenses to Huawei and other companies the commission considers a national security risk. It “would help ensure that insecure gear from companies like Huawei, ZTE, and others can no longer be inserted into America’s communications infrastructure,” Carr said Thursday. “We have already determined that this gear poses an unacceptable risk to our national security” (see 2106090063) and HR-3919/S-1790 “would ensure that the FCC closes this Huawei loophole.”

Susan Collins, R-Maine, told reporters Thursday she and other senators involved in working on a bipartisan infrastructure bill are close to a deal, but the structure of its broadband title remains a sticking point. Draft broadband language would set a minimum speed below what fiber advocates seek for projects receiving money from a $40 billion pot of NTIA-administered state-level grants (see 2107210063). The overall proposal, which President Joe Biden backed last month, allocates $65 billion for broadband (see 2106240070). Other senators in the group agree a deal is close. “Most of the agreements have been reached,” said Mitt Romney, R-Utah. “There are a few things that are still being worked on,” but “I think we’ll be there Monday. If not so, then a day or two after.”

Satellite Industry Association President Tom Stroup and others urged lawmakers to establish a civil space situational awareness (SSA) operation and update the framework for mitigating orbital debris amid proliferation of low earth orbit satellites (see 2106150034), during a Thursday Senate Commerce hearing. “Potential for catastrophic accidents if we continue with the status quo is real,” said Senate Space Subcommittee Chairman John Hickenlooper, D-Colo. “We can’t wait for the next collision to occur before taking action,” including enacting the Senate-passed U.S. Innovation and Competition Act. S-1260 would shift responsibility for handling commercial SSA issues to the Commerce Department and includes $20 million for an elevated Office of Space Commerce (see 2106080074). “The space around Earth is becoming congested and the problem is only going to grow,” said ranking member Cynthia Lummis, R-Wyo. “Government must take the lead” on SSA and to “prevent and remove orbital debris.” The federal government should “act now to implement a more modern” SSA environment, “including leveraging both commercial and government capabilities to yield a U.S.-developed cutting-edge space sustainability model,” Stroup said. Any revised space safety framework shouldn’t dictate “specific technologies to meet requirements.” A “successful, modern and sustainable space traffic management system will include all of the types of space activities,” Stroup said. “The U.S. cannot accomplish this on its own and, if regulations are not appropriate, satellite operators will continue to ‘forum shop’ and license systems in foreign administrations.” Other witnesses supported further empowering Commerce’s OSC. Commercial Spaceflight Federation President Karina Drees recommended the FCC “modify its rules to require that any company that serves the U.S. market must comply with U.S. orbital debris rules. This requirement would significantly improve global orbital debris activities, while leveling the playing field for companies licensed in” the U.S. An FCC revisit of its orbital debris rules could happen once the commission gets a Democratic majority (see 2105070004).

Bipartisan legislation introduced Wednesday would require agencies, contractors and critical infrastructure operators to report cyberhacks within 24 hours of discovery (see 2103040066). Introduced by Senate Intelligence Committee Chairman Mark Warner, D-Va.; Vice Chairman Marco Rubio, R-Fla.; and Sen. Susan Collins, R-Maine, the Cyber Incident Notification Act includes liability protection in certain circumstances. Warner has predicted a bipartisan cybercrimes reporting bill (see 2106100053). Senate Environment and Public Works Committee members told a hearing the federal government should invest in resources to defend against cyberthreats to critical infrastructure. Cyber is a long-term, constantly evolving challenge, said Chairman Tom Carper, D-Del.: It requires “sustained federal investment, not one-time solutions.” Ranking member Shelley Moore Capito, R-W.Va., backed training exercises and information sharing between agencies. She’s looking forward to including cyber policies in committee legislation. The Cyberspace Solarium Commission’s March 2020 report concluded water utilities remain largely unprepared to defend networks against cyber disruption, testified Rep. Mike Gallagher, R-Wis., commission co-chair with Sen. Angus King, I-Maine. It's an “extremely dangerous” situation, said King, saying the next Pearl Harbor or Sept. 11, 2001, attack will be cyber-related. The private sector should have liability protection when sharing information because delays don’t work, said King. The government hasn’t made the necessary investments to protect transportation systems, which begins with cybersecurity, said ITS America CEO Shailen Bhatt. ITS recommended a more robust transportation cybersecurity strategy with requirements for transportation agencies to meet certain “marks” determined by the National Institute of Standards and Technology and the Center for Internet Security.

The House Commerce Committee unanimously advanced the Secure Equipment Act (HR-3919) and seven other telecom security measures Wednesday, as expected (see 2107200001). The others: the Understanding Cybersecurity of Mobile Networks Act (HR-2685), Information and Communication Technology Strategy Act (HR-4028), Open Radio Access Network Outreach Act (HR-4032), Future Uses of Technology Upholding Reliable and Enhanced Networks Act (HR-4045), NTIA Policy and Cybersecurity Coordination Act (HR-4046), American Cybersecurity Literacy Act (HR-4055) and Communications Security Advisory Act (HR-4067). “These bills will only further our commitment to increasing the safety and security of our networks and supply chains, while at the same time increasing competition and innovation,” said House Commerce Chairman Frank Pallone, D-N.J. The measures “will strengthen the security of our networks as industry deploys advanced technologies,” said House Commerce ranking member Cathy McMorris Rodgers, R-Wash. “With recent cyberattacks, it is our duty to find solutions that ensure a robust and secure supply chain for our communications networks.”

Senate Commerce Committee ranking member Roger Wicker, R-Miss., and Sens. Shelley Moore Capito, R-W.Va., and Todd Young, R-Ind., filed the Funding Affordable Internet with Reliable (Fair) Contributions Act Wednesday to explore requiring “Big Tech” companies to contribute to USF. It would direct the FCC to study “the feasibility of funding Universal Service Fund through contributions supplied by edge providers” like Google-owned YouTube and Netflix. The study should examine “the class of firms and services on which contributions could be assessed, including an inquiry into the specific sources of revenue potentially subject to contributions, such as digital advertising revenue and user fees” and USF contribution “equity issues.” The bill wants the FCC to examine equity of “alternative contributions systems” like federal appropriations and “whether a flat or progressive rate is most appropriate.” More “consumers are moving to internet-based services,” which “raises concerns about the sustainability of fees collected from consumers’ telephone bills,” Wicker said. “As online platforms continue to dominate the internet landscape, we should consider the feasibility of Big Tech contributing to the USF to ensure rural areas are not left behind as we work to close the digital divide.” Commissioner Brendan Carr, who proposed making edge providers pay into USF (see 2105240037), said “requiring Big Tech to contribute is more than fair.”

House Consumer Protection Subcommittee ranking member Gus Bilirakis, R-Fla., will soon introduce legislation to ensure the FTC is “focused on ransomware” and working with a broad group of law enforcement agencies, House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., announced at a subcommittee hearing Tuesday. She cited recent ransomware attacks on Colonial (see 2106110031) and others as reasons for Congress to act. Bilirakis isn’t a member of the House Oversight Subcommittee, which held the hearing with testimony from Microsoft and FireEye. Last year, more than 2,400 organizations were victimized by ransomware attacks with a financial impact of about $500 million, said Microsoft Assistant General Counsel Kemba Walden. Subcommittee Chair Diana DeGette, D-Colo., cited a Microsoft report claiming more than 99% of cyberattacks could be prevented with multifactor authentication deployed. She asked if Congress should mandate such requirements through legislation, and Walden agreed. House Commerce Committee Chairman Frank Pallone, D-N.J., cited the Biden administration’s recent efforts to combat ransomware, including a new ransomware website (see 2107150036) and efforts to make it more difficult for hackers to transfer funds using digital currency. Victims pay to accelerate the process of recouping their business operations or because it’s in the best interest of protecting their data and customer data, said FireEye-Mandiant Senior Vice President Charles Carmakal. This is despite the lack of guarantees the compromised data will be deleted, he said: Victims do anticipate that stolen data is eventually published “at a later point in time.”