This bill addresses ransomware threats to national security.

Specifically, the bill

• requires the promulgation of mandatory cybersecurity standards for critical infrastructure entities;
• requires the instituting of regulatory requirements for cryptocurrency exchanges operating within the United States to reduce the anonymity of users and accounts suspected of ransomware activity;
• deems ransomware threats to critical infrastructure a national intelligence priority component to the National Intelligence Priorities Framework; and
• authorizes monitoring of the internet, including the dark web, for evidence of a compromise to critical infrastructure.

The Department of State shall annually

• designate as a state sponsor of ransomware any country the government which has provided support for ransomware demand schemes (including by providing safe haven for individuals engaged in such schemes), and
• submit to Congress a report listing the designated countries.

The National Intelligence Agency shall submit a report to specified congressional committees on the implications of the ransomware threat to national security.

The Cybersecurity and Infrastructure Security Agency (CISA) shall establish ransomware operation reporting capabilities to facilitate the submission of timely, secure, and confidential ransomware notifications by federal agencies and covered entities to CISA. In addition, CISA shall establish a public awareness campaign related to the cybersecurity services of the government.

The bill also establishes the Information System and Network Security Fund. Any amounts in the fund may be distributed to eligible entities for a specific network security purpose, including to enable network recovery from an event affecting network cybersecurity.