With Eye to Russia, Biden Administration Asks Companies to Report Cyberattacks

U.S. Christopher D., Senior Vice President of Cyber, Intelligence and Supply Chain Security Policy at the Chamber of Commerce. “There’s a lot of real work to be done in the rule-making process,” Roberti said.

The law requires that a cybersecurity agency should work with companies because it sets the rules, so business leaders will have an opinion on how the law should be applied.

The cyber-attacks disrupted the operations of large American businesses last year, including JDS Foods, a meat supplier, and the Colonial Pipeline, which supplies fuel to the East Coast. Both attacks disrupted Americans’ ability to obtain essential supplies and prompted lawmakers to act.

Reporting the incident, Senators Gary Peters, a Democrat from Michigan, and Rob Portman, a Republican from Ohio, said the law would help companies like JDS Foods and Colonial recover more quickly after such attacks. The cyber security agency will be able to provide them with guidance and assistance during the recovery process.

Delayed advertising is costly for companies. In 2018, Yahoo paid a 35 million fine for failing to immediately release the 2014 hack. And the executives themselves could face criminal charges, such as in the case of a former Uber executive who has been charged with obstruction and fraud in his handling of a 2016 data breach at a ride-hailing company.

“We’ve heard from companies over the past year how inconsistent and streamlined the incident reporting landscape is,” said Courtney Lang, senior director of policy at the Information Technology Industry Council. “Given the way the cybersecurity landscape has evolved, there are risks that need to be addressed. To some extent, we feel that incident reports can provide useful information that can help shape specific responses.

While similar rules are under consideration in Europe and other federal agencies in the United States, corporate leaders hope the new federal law will serve as a model for other legislators and government officials, allowing companies to avoid the confusion of overlapping incident reporting requirements.

Similar Posts

Leave a Reply

Your email address will not be published.