Congress Weighs Bills Requiring Firms to Report Cyberattacks

After years of relying on a patchy – and voluntary – reporting system that left U.S. agencies in the dark, lawmakers are considering bills that would require critical infrastructure operators to report cyberattacks.

Congress is moving to push companies that operate critical infrastructure to inform federal officials of cyberattacks after years of relying on a patchy – and voluntary – reporting system that left U.S. agencies in the dark, reports Roll Call. A draft bill backed by New York Reps. Yvette D. Clarke and John Katko would give the Cybersecurity and Infrastructure Security Agency (CISA) authority to require reporting from companies within 72 hours of finding a breach. The measure would cover banks, oil and gas companies, tech providers and utilities. A similar bill in the Senate was introduced in July.

This effort in Congress comes after the strike by hackers with alleged links to Russian intelligence on SolarWinds and the attack on Colonial Pipeline, which left the federal government scrambling to fully understand the scope and scale of attacks. Ron Bushar, senior vice president of FireEye Mandiant, a security research firm, told CQ Roll Call that the legislation is essential to help U.S. agencies obtain uniform information and to plan a response. Under the measure, a Cyber Incident Review Office at CISA would collect, aggregate and analyze reports of cyber incidents and would publish a quarterly findings summary.