[d4mi3n]

I think this is a step in the right direction, but I'd expand this to be a tax on all organizations that maintain large enough systems to become targets because:

1. Taxing only the victims is adding salt to a wound: these companies are already hurting from being attacked, lost money to the ransomer, and are likely to lose more shortly thereafter due to bad PR. They'll need this money to fix things and hire/consult appropriate experts.

2. Taxing all parties likely to be hit by stuff like this spread the financial burden amount companies of all sizes. Larger companies/targets can thus help protect smaller outfits that aren't well enough funded to field a robust security team or program.

3. Some kind of revenue stream is required here to beef up federal/regional programs relating to cybersecurity. There's no real source of funding for this that doesn't come out of a larger budget. The scope of the problem is large enough that I feel it justifies a specialized agency with it's own budget. Having a dedicated tax applied to parties with need for the service/support seems fair and progressive to me.

[r00fus]

It's almost like there should be some national security agency whose sole purpose would be to uncover this kind of activity and help those impacted. I wonder what I'd call it?

[d4mi3n]

No Such Agency!

Jokes aside, I absolutely agree that this is a failure of the US federal government and congress. We should have answers for these things for now, or at least the beginnings of a national security program to combat cyber crime. The FBI is seriously overwhelmed and the other three letter agencies can't be bothered to play the blue team as far as I'm aware.