PRIA Logo
Take the PRIA Score
Title 6Domestic SecurityRelease 119-73

§665j Ransomware threat mitigation activities

Title 6 › Chapter CHAPTER 1— - HOMELAND SECURITY ORGANIZATION › Subchapter SUBCHAPTER XVIII— - CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part Part A— - Cybersecurity and Infrastructure Security › § 665j

Last updated Apr 6, 2026|Official source

Summary

Within 180 days after March 15, 2022, the Director must set up and lead a Joint Ransomware Task Force, after talking with the National Cyber Director, the Attorney General, and the FBI Director. The Task Force will include people from federal agencies chosen by the National Cyber Director with the Secretary of Homeland Security. Using only each agency’s current powers, it will coordinate a national effort to stop ransomware. It will run intelligence-led operations, work with the private sector and state, local, Tribal, territorial, and international partners for input, keep an updated list of top ransomware threats and ways to measure success, disrupt criminals and their networks and money, share and study trends, write after-action reports, and do other actions needed to reduce ransomware risk. Nothing in the law gives any federal agency new authority.

Full Legal Text

Title 6, §665j

Domestic Security — Source: USLM XML via OLRC

(a)(1)Not later than 180 days after March 15, 2022, the Director, in consultation with the National Cyber Director, the Attorney General, and the Director of the Federal Bureau of Investigation, shall establish and chair the Joint Ransomware Task Force to coordinate an ongoing nationwide campaign against ransomware attacks, and identify and pursue opportunities for international cooperation.
(2)The Joint Ransomware Task Force shall consist of participants from Federal agencies, as determined appropriate by the National Cyber Director in consultation with the Secretary of Homeland Security.
(3)The Joint Ransomware Task Force, utilizing only existing authorities of each participating Federal agency, shall coordinate across the Federal Government the following activities:
(A)Prioritization of intelligence-driven operations to disrupt specific ransomware actors.
(B)Consult with relevant private sector, State, local, Tribal, and territorial governments and international stakeholders to identify needs and establish mechanisms for providing input into the Joint Ransomware Task Force.
(C)Identifying, in consultation with relevant entities, a list of highest threat ransomware entities updated on an ongoing basis, in order to facilitate—
(i)prioritization for Federal action by appropriate Federal agencies; and
(ii)identify 11 So in original. metrics for success of said actions.
(D)Disrupting ransomware criminal actors, associated infrastructure, and their finances.
(E)Facilitating coordination and collaboration between Federal entities and relevant entities, including the private sector, to improve Federal actions against ransomware threats.
(F)Collection, sharing, and analysis of ransomware trends to inform Federal actions.
(G)Creation of after-action reports and other lessons learned from Federal actions that identify successes and failures to improve subsequent actions.
(H)Any other activities determined appropriate by the Joint Ransomware Task Force to mitigate the threat of ransomware attacks.
(b)Nothing in this section shall be construed to provide any additional authority to any Federal agency.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Codification Section was enacted as part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and also as part of the Consolidated Appropriations Act, 2022, and not as part of the Homeland Security Act of 2002 which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions Pub. L. 117–103, div. Y, § 102, Mar. 15, 2022, 136 Stat. 1038, provided that: “In this division [see

Short Title

of 2022 Amendment note set out under section 101 of this title]: “(1) Covered cyber incident; covered entity; cyber incident; information system; ransom payment; ransomware attack; security vulnerability.—The terms ‘covered cyber incident’, ‘covered entity’, ‘cyber incident’, ‘information system’, ‘ransom payment’, ‘ransomware attack’, and ‘security vulnerability’ have the meanings given those terms in section 2240 of the Homeland Security Act of 2002 [6 U.S.C. 681], as added by section 103 of this division [see also 6 U.S.C. 650]. “(2) Director.—The term ‘Director’ means the Director of the Cybersecurity and Infrastructure Security Agency.”

Reference

Citations & Metadata

Citation

6 U.S.C. § 665j

Title 6Domestic Security

Last Updated

Apr 6, 2026

Release point: 119-73