Please reply to the below comment:

Eva,

If I haven't said so before, let me say I sincerely hope law school is in your immediate future. The skill you show week after week in analysis, discussion, and writing is top notch. As a matter of fact, you are a better writer than many of my attorney colleagues.

There are so many types of cyber-crimes as part of hacking systems to get data from the internet. For example:

• Theft of health care record information is highly sought on the dark web, these records sell for around $100 (State of Minnesota, (2017).
• Theft of credit card record information gets between $10-20 on dark web (e.g.).
• Deletions or changes to Voter Information to influence elections, though this is very rare.
• Hostage of data for ransom payout.
• This list can continue and continue and continue...

Since policies or laws are in place to address these types of cyber data crimes, and for purposes of this Forum 4 Discussion, ransomware crimes will be the used. But a question is: what is best a policy or a law to deter a ransomware crime? Per studies by Lowi (2003) he found "law and policy had become more or less synonymous" for most persons.

Also, it is of interest that policies are relatively new, not until the end of 1800's were they created and used. Policies are like the servants to laws (e.g.). Laws are rules of government for the United States done via the Legislative arm of the government using the US Constitution as the basis for introducing, approving, and enacting laws.

When it comes to Ransomware crimes, what United States Policies and Laws are there? PerGatlan (2019) in 2019 the Senate approved H.R.1158 - DHS Cyber Hunt and Incident Response Teams Act of 2019, it was introduced to the legislation in January 2019 was reviewed and amended by the US Congress and the US Senate then approved by the Senate in September 2019.

This law is to provide "federally-resourced cyber response teams . . . to assist with incident response . . . should an organization fall victim to ransomware or another type of cyber-attack's" to do the following (Gatlan, 2019):

assistance to asset owners and operators in restoring services following a cyber incident; identification of cybersecurity risk and unauthorized cyber activity; mitigation strategies to prevent, deter, and protect against cybersecurity risks; recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate"

It was difficult to find the entire law on the Congress website, I only saw amendments, so I'm not sure if this law will have consequences if it is not followed, such as a fine similar to a violator of the Wire Fraud Act who could be charged $250,000 per incident along with up to 20 years imprisonment or both.

It seems this law is for the Federal government to work with private and public sectors when a ransomware attack occurs, not to seek out the ransomware criminal.

Further, it looks to supplement current Department of Homeland Security Policy when it comes to ransomware attacks: "we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school . . . (apply patches, don't click or download unfamiliar files, backup your computer).

DHS has a cadre of cybersecurity professionals to provide expertise and support to critical infrastructure entities" (DHS, 2017).

There are so many different types of cyber-attacks, but ransomware seems to be one of latest ones occurring, and our law makers are addressing it via policies and laws.

One of the most difficult pieces of ransomware attacks is these criminals have data encrypted, it is known some cyber security professionals can un-encrypt it, but would the Federal government need to look at unencrypting data via this piece of the approved H.R.1158 - DHS Cyber Hunt and Incident Response Teams Act of 2019, "assistance to asset owners and operators in restoring services following a cyber incident"?

H.R.1158 - Would the DHS Cyber Hunt and Incident Response Teams Act of 2019 or similar law be vigilant on finding the ransomware criminals and prosecuting; possibly 'Hunt' means to do this, but then let's have it spelled out in the law. Possibly criminals could be prosecuted via the Computer Fraud and Abuse Act, but if so, then why do we need another law?

Law H.R.1158 - DHS Cyber Hunt and Incident Response Teams Act of 2019 seems to have much potential, especially, if they will do cyber hunting (maybe FBI already does this too).

Any questions?