PRIA Logo
Title 6Domestic SecurityRelease 119-73not60

§665j Ransomware Threat Mitigation Activities

Title 6 › Chapter 1— HOMELAND SECURITY ORGANIZATION › Subchapter XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part A— Cybersecurity and Infrastructure Security › § 665j

Last updated Apr 3, 2026|Official source

Summary

Within 180 days after March 15, 2022, the Director must create and lead a Joint Ransomware Task Force after talking with the National Cyber Director, the Attorney General, and the FBI Director. The team will include people from federal agencies chosen by the National Cyber Director after consulting the Secretary of Homeland Security. Its job is to run a nationwide effort against ransomware and look for ways to work with other countries. Using only each agency’s existing powers, the Task Force must coordinate work like prioritizing intelligence-driven operations to stop attackers; getting input from businesses, state, local, Tribal, territorial, and international partners; keeping an updated list of the biggest ransomware threats and ways to measure success; disrupting criminals, their systems, and money; sharing trend data and lessons learned; and any other steps it decides are needed. This does not give any agency new authority.

Full Legal Text

Title 6, §665j

Domestic Security — Source: USLM XML via OLRC

(a)(1)Not later than 180 days after March 15, 2022, the Director, in consultation with the National Cyber Director, the Attorney General, and the Director of the Federal Bureau of Investigation, shall establish and chair the Joint Ransomware Task Force to coordinate an ongoing nationwide campaign against ransomware attacks, and identify and pursue opportunities for international cooperation.
(2)The Joint Ransomware Task Force shall consist of participants from Federal agencies, as determined appropriate by the National Cyber Director in consultation with the Secretary of Homeland Security.
(3)The Joint Ransomware Task Force, utilizing only existing authorities of each participating Federal agency, shall coordinate across the Federal Government the following activities:
(A)Prioritization of intelligence-driven operations to disrupt specific ransomware actors.
(B)Consult with relevant private sector, State, local, Tribal, and territorial governments and international stakeholders to identify needs and establish mechanisms for providing input into the Joint Ransomware Task Force.
(C)Identifying, in consultation with relevant entities, a list of highest threat ransomware entities updated on an ongoing basis, in order to facilitate—
(i)prioritization for Federal action by appropriate Federal agencies; and
(ii)identify 11 So in original. metrics for success of said actions.
(D)Disrupting ransomware criminal actors, associated infrastructure, and their finances.
(E)Facilitating coordination and collaboration between Federal entities and relevant entities, including the private sector, to improve Federal actions against ransomware threats.
(F)Collection, sharing, and analysis of ransomware trends to inform Federal actions.
(G)Creation of after-action reports and other lessons learned from Federal actions that identify successes and failures to improve subsequent actions.
(H)Any other activities determined appropriate by the Joint Ransomware Task Force to mitigate the threat of ransomware attacks.
(b)Nothing in this section shall be construed to provide any additional authority to any Federal agency.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Codification Section was enacted as part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and also as part of the Consolidated Appropriations Act, 2022, and not as part of the Homeland Security Act of 2002 which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions Pub. L. 117–103, div. Y, § 102, Mar. 15, 2022, 136 Stat. 1038, provided that: “In this division [see

Short Title

of 2022 Amendment note set out under section 101 of this title]: “(1) Covered cyber incident; covered entity; cyber incident; information system; ransom payment; ransomware attack; security vulnerability.—The terms ‘covered cyber incident’, ‘covered entity’, ‘cyber incident’, ‘information system’, ‘ransom payment’, ‘ransomware attack’, and ‘security vulnerability’ have the meanings given those terms in section 2240 of the Homeland Security Act of 2002 [6 U.S.C. 681], as added by section 103 of this division [see also 6 U.S.C. 650]. “(2) Director.—The term ‘Director’ means the Director of the Cybersecurity and Infrastructure Security Agency.”

Reference

Citations & Metadata

Citation

6 U.S.C. § 665j

Title 6Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60