Texas lawmakers are working to crack down on cybercrime.
On Thursday, the Texas House unanimously passed the Texas Cybercrime Act, which makes it a third-degree felony for a person to deliberately prevent someone else from getting online — unless that person is working with law enforcement.
“We’ve seen cybercrimes become increasingly more sophisticated,” said state Rep. Giovanni Capriglione, R-Southlake. “They’ve also become more complicated to prosecute.
“[Thursday’s] unanimous vote on HB 9 in the House will soon give law enforcement additional tools in the fight against ransomware and other cybercrimes.”
The measure now heads to the Senate for consideration.
House Bill 9 makes it a third-degree felony if someone “intentionally interrupts or suspends access to a computer system” or network, unless the person is working on behalf of law enforcement.
It also makes it a Class A misdemeanor for someone to alter data transmitting between two computers in a network or system or introduce malware or ransomware — software that gives people access to a computer system and data without permission or requires users to pay to regain access to their data or information — on a computer, network or system.
The more costly the offense, the more severe the charge. If an offense involves more than $300,000, that bumps the charge up to a first-degree felony.
“Criminals use ransomware, malware and other methods where unsuspecting persons unknowingly facilitate the criminal activity on their own device,” Capriglione said during debate earlier this week. “According to the FBI, ransomware attacks cost victims a total of $209 million in the first three months of 2016.”
Capriglione has another cyber bill making its way through the Texas Legislature.
HB 8, the Texas Cybersecurity Act, calls for an audit of Texas systems, training on how to respond to risks and attacks, a review of state digital data storage and a state response plan that can be used in the event of a cyberattack to be created no later than Sept. 1, 2018.
The bill, which has been approved by the Government Transparency & Operation Committee, asks the Texas Rangers to study cyberattacks on election infrastructure, including looking at vulnerabilities and risks regarding county voting machines and lists of registered voters.
It also seeks information on any attempted cyberattack against county voting systems and any recommendations to protect election machines and lists of registered voters.
The measure also would create a cybersecurity task force to coordinate resources and develop guidelines — and a cyber sharing task force to determine best practices of cybersecurity for the state.
The issue of cybersecurity came up locally last year during a Texas House County Affairs Committee meeting in Fort Worth.
At the time, local officials said they hoped state lawmakers would consider passing a measure to make sure cyber offenders would receive tough sentences.
Officials last year declined to detail the ransomware that penetrated local systems, but they said it was the first time in at least two years that anything like it had made it through firewalls.
Ransomware is a computer malware that installs on a person’s computer — or even on a tablet or smartphone — that starts to encrypt files, which prevents them from being opened by their rightful user. It could come through an email that contained a link the user may have opened.
On a computer, the software can run quietly in the background unnoticed until perhaps the wallpaper changes and a message pops up demanding a ransom and telling the user how to pay to be able to access files, photos and data again. Officials have long stressed that anyone who receives those messages should not pay.
Across the world, estimates suggest there are at least 4,000 ransomware attacks unleashed every hour.