At a hearing of the Armed Services subcommittee on cybersecurity, Sen. Mike Rounds, R-S.D., wondered if it was time to use the military to interrupt ransomware the same way the U.S. of yore handled pirates who intercepted needed supplies.
"In the beginning, years of our country, we made a very clear that when pirates would attack shipping that was vital to the United States - we actually created the Marine Corps, in a way, to actually go on out and find these private citizens who were acting as pirates, and we basically took them out, even though they had found a safe harbor in other sovereign countries," he said.
"I think it still holds true with regard to cyberattacks. And I think the Department of Defense clearly has a role to play," he added.
In recent weeks, ransomware has interrupted several aspects of critical infrastructure, including the Colonial Pipeline that supplies petroleum to the East Coast, and JBS, a massive meats distributor that serves as a major cog in our food supply chain. Even before that, ransomware had impacted industries ranging from transportation to health care, law enforcement to consumer goods.
Lawmakers have been eager to determine what the proper role of government intervention is in handling a petty crime that is, simultaneously, a major national security threat.
Witnesses at the hearing, representing the military, Joint Chiefs of Staff and Cyber Command said that the military was ready to take action when called upon.
"We are prepared to take authorized action to stop or degrade activity," said Mieke Eoyang, deputy assistant secretary of defense for cyber policy.
Rear Admiral Ronald Foy, deputy director for global operations for the joint staff said "since 2018, the secretary of defense has approved multiple campaign plans that address adversaries noted in the 2018 National Defense Strategy."