News: Quick Takes

Bill would ban N.C. government ransomware payments

Carolina Journal photo by Maya Reagan
Carolina Journal photo by Maya Reagan

As drivers across North Carolina deal with the consequences of a recent ransomware attack on a major pipeline, a bill moving through the N.C. House would ban state agencies from paying ransom after a cyberattack.

House Bill 813 cleared the State Government and Rules committee meetings Wednesday morning.

“It’s an idea I found out about from legislators in Iowa and New York,” said the bill’s primary sponsor, Rep. Jason Saine, R-Lincoln. “It is certainly timely. It’s something we need to do. We’re working with [the state Department of Information Technology] on the approach.”

H.B. 813’s official title says it would “prohibit any state agency, unit of local government, or public authority from paying a ransom in connection with a cybersecurity incident.” The bill is also designed to “clarify the reporting of cybersecurity incidents” to DIT.

The bill offers a definition of a ransomware attack: “A cybersecurity incident where a malicious actor introduces software into an information system that encrypts data and renders the systems that rely on that data unusable, followed by a demand for a ransom payment in exchange for decryption of the affected data.”

“No State agency or local government entity shall submit payment or otherwise communicate with an entity that has engaged in a cybersecurity incident on an information technology system by encrypting data and then subsequently offering to decrypt that data in exchange for a ransom payment,” according to the bill’s first provision. “Any State agency or local government entity experiencing a ransom request in connection with a cybersecurity incident shall consult with the Department of Information Technology. …”

State lawmakers are debating this provision as the state and nation continue to deal with the impact of the recent cyberattack on the Colonial Pipeline Company. That company operates the country’s largest oil fuel line. The cyberattack prompted a shutdown of that line.

North Carolina, Virginia, and Tennessee are hit hardest by the disruption, with reporting that in North Carolina an average of 14.7% of gas stations are out of fuel, with higher rates in urban areas.

The pipeline shutdown prompted Gov. Roy Cooper to declare a state of emergency,