Congress is moving to compel companies that operate critical infrastructure to inform federal officials of cyberattacks after years of relying on a patchy — and voluntary — reporting system that often left U.S. agencies in the dark.
Some lawmakers want banks, oil and gas companies, tech providers, utilities and others to tell the top cybersecurity agency when an attack has occurred. A draft bill backed by New York Reps. Yvette D. Clarke and John Katko, a Democrat and a Republican, respectively, would give the Cybersecurity and Infrastructure Security Agency authority to require reporting from companies across various sectors within 72 hours of finding a breach.
A similar bill in the Senate, backed by Sens. Susan Collins, R-Maine, Angus King, I-Maine, Mark Warner, D-Va., and Marco Rubio, R-Fla., was introduced in July. The latter two are the heads of their chamber’s influential Intelligence Committee.
Both bills would also require the U.S. government to share information about attacks on federal networks that are likely to affect private companies.
“The voluntary model of reporting has clearly hit its limit,” said Ron Bushar, senior vice president of FireEye Mandiant, a security research firm. While the system has offered the federal government some idea of ongoing attacks, “it’s not enough anymore,” he added.