Cyber incident
disclosure
FBI Wants to be Notified About Cyber Incidents Along With Other Federal Agencies
The Federal Bureau of Investigation wants to be among the first agencies to be notified whenever cyber breaches occur, and the agency wants this to be clearly stipulated in the incident disclosure legislation currently being put together by Congress. This was the bureau’s reaction to a Senate bill that puts the Cybersecurity and Infrastructure Security Agency front and center when it comes to reporting requirements, FCW reported Tuesday.
It was reported that Sens. Mark Warner, Susan Collins, Gary Peters and Rob Portman are planning to propose an amendment to the 2022 National Defense Authorization Act that would require infrastructure providers, federal contractors and other key private sector entities to report cyber attacks within 72 hours of discovery to CISA. The measure also provides for the disclosure of ransomware payments by private and public entities to attackers within 24 hours.
However, Bryan Vorndran, assistant director of the FBI’s Cyber Division, on Tuesday told the House Committee on Oversight and Reform that the bureau cannot fully support federal cyber initiatives unless companies immediately inform it about breaches alongside CISA. He emphasized the importance of the FBI receiving full and immediate access to cyber incidents so it can act on them as soon as possible and in unison with federal partners.
Vorndran called on the oversight committee to make sure that the legislation currently being considered explicitly empowers the agencies at the front lines of incident response. He added that the FBI’s cyber division has been in constant contact with CISA as well as National Cyber Director Chris Inglis.
In September, CISA Director Jen Easterly told the Senate Homeland Security Committee that more stringent reporting requirements would allow her agency to quickly conduct speedy analysis and share information to protect other potential victims.
Category: Cybersecurity