U.S. Senator Mark Warner, Virginia Democrat and Chairman of the Senate Information Task Force, held a hearing on global threats at Capitol Hill, Washington, DC, on April 14, 2021.
Under a new bill announced Wednesday, some companies will have to tell the government when they are hacked.
The bipartisan cyber incident notification bill is a response to recent attacks: the SolarWinds attack, which affected government agencies, and the Colonial Pipeline attack, which blocked access to fuel in large areas of the US. Since then, there has been a surge in ransomware attacks, in which hackers encrypt files until the victim pays the ransom.
The problem is that under federal law, businesses do not have to report these cases. This means that some incidents can occur without the government’s knowledge, which can have serious implications if the government’s own systems are involved in the attack.
The bill introduces new disclosure requirements: federal agencies, federal contractors, and critical infrastructure companies must notify the Department of Homeland Security when they identify system breaches. Companies that report a breach will be granted limited immunity, for example so that shareholders do not have access to the disclosed information for use as evidence in a proceeding, and DHS must anonymize personally identifiable information. This lets businesses report incidents quickly and enables the government to act efficiently when needed.
The bill was led by Chairman Mark Warner (Democrat), Vice-Chair Marco Rubio (Republican), and Susan Collins (Republican) of the Senate Special Committee on Information Issues, which held a hearing on the SolarWinds attack.
At the hearing, Microsoft President Brad Smith testified that the only reason the government and the public are aware of the incident is that cybersecurity company FireEye reported in December what it believed was a state-sponsored attack on its systems. After that disclosure, Reuters reported that US agencies had been hacked through an update to the SolarWinds software, in an attack that may be linked to an adversary. Sources later told Reuters that the attack was related to the FireEye incident.
The case showed how easy it was for Congressmen to be left in the dark in a massive government hack. It also revealed the obstacles companies face when deciding whether to report a cyberattack.
FireEye CEO Kevin Mandia told CNBC’s Eamon Javers in an interview during the hearing that disclosure was a “very complex issue.”
“The reason it’s a complex issue is because of all the responsibilities companies face when publishing disclosures,” Mandia said. “They file a derivative suit, have many considerations about their business implications, and don’t want to create unnecessarily large amounts of fear, uncertainty, and doubt.”
The new bill aims to ease that fear among businesses by introducing limited liability protection. Warner previewed the legislation in June, saying he believed the business community would accept it.
“When this debate happened six or seven years ago, the business community didn’t want additional mandatory reports,” he said at the time. “I think they are now aware that they are at risk without mandatory reporting.”
The new bill will force some companies to report cyberattacks to the government