FBI Wants Real-Time Access to Information on Cyber Attacks

The Federal Bureau of Investigation wants to be among the first agencies to be notified in the event of a major cyber breach, and it wants that to be explicitly stipulated in the law. Late in 2021, the House hurriedly passed incident reporting legislation that requires affected organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours after they happen, but leaves out the FBI, Nextgov reported Thursday.

However, Bryan Vorndran, assistant director of the FBI’s cyber division, clarified that the bureau’s leadership is not after a law that would compel affected companies to report cyberattacks to both CISA and the FBI. All the bureau wants is to have real-time and unfiltered access to incident information that is reported to CISA, he added.

Vorndran called for a tweaking of the proposed law to include language that clearly gives the FBI access to all the current information that it needs to investigate a particular cyber incident. It was noted that only the House version of the law managed to pass in 2021.

Nextgov said that bipartisan legislation is being pursued by leading cybersecurity officials across the government for the insights it would provide into cyber threats and its utility for reducing the impact of attacks on critical infrastructure.

Meanwhile, Robert Silvers, undersecretary for policy at the Department of Homeland Security, called cyber incident reporting legislation a “game-changer” that will give concerned government agencies better visibility into the threat landscape. He, however, expressed confidence that CISA will share reports with the FBI and other relevant agencies regardless of what Congress ends up passing.