Bipartisan Senate bill takes aim at ‘overly burdensome’ cybersecurity regs

The Streamlining Federal Cybersecurity Regulations Act would establish an interagency committee to recommend which cyber regulations to lessen or waive.

The post Bipartisan Senate bill takes aim at ‘overly burdensome’ cybersecurity regs appeared first on CyberScoop.

Continue reading Bipartisan Senate bill takes aim at ‘overly burdensome’ cybersecurity regs

Cyber Safety Review Board needs stronger authorities, more independence, experts say

The CSRB needs to become more transparent regarding its membership and the cases it takes on, experts told Congress.

The post Cyber Safety Review Board needs stronger authorities, more independence, experts say appeared first on CyberScoop.

Continue reading Cyber Safety Review Board needs stronger authorities, more independence, experts say

Senate report criticizes feds’ approach to ransomware investigations

The federal government is not responding effectively to the ransomware crisis, according to a report from the Senate Homeland Security panel.

The post Senate report criticizes feds’ approach to ransomware investigations appeared first on CyberScoop.

Continue reading Senate report criticizes feds’ approach to ransomware investigations

The long, bumpy road to cyber incident reporting legislation — and the one still ahead

The legislation eventually garnered widespread support on its way to becoming law, but much remains unresolved.

The post The long, bumpy road to cyber incident reporting legislation — and the one still ahead appeared first on CyberScoop.

Continue reading The long, bumpy road to cyber incident reporting legislation — and the one still ahead

Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval

The Senate passed legislation Tuesday evening requiring critical infrastructure owners to report to the feds when they suffer a major cyberattack or make a ransomware payment — shaking loose a bill that got stuck in the chamber last year. Under the measure, which now moves to the House for potential consideration, those critical infrastructure owners and operators as well as federal agencies would have to disclose a significant incident to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency within 72 hours. The same owners and operators would have to report any ransomware payments to CISA, too, only within 24 hours. Its intent is to give CISA the information it needs to more widely share threat data to help curtail major cyberattacks rippling through key targets, such as what happened in late 2020 when federal contractor SolarWinds suffered a compromise that ended up spreading to federal agencies and major tech […]

The post Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval appeared first on CyberScoop.

Continue reading Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval

Incident reporting, ransomware payment legislation faces trouble in Senate

Legislation requiring critical infrastructure owners to report major cyber incidents to the federal government, and mandating that ransomware victims disclose when they make payments, has hit a significant snag in the Senate. A bipartisan group of senators announced a proposal in November that would require critical infrastructure owners and operators to report within 72 hours to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency when they suffer major cyber incidents, as defined by CISA. It also would require reporting of ransomware payments to CISA from a broader set of organizations, excluding only individuals and some smaller businesses, within 24 hours. Advocates hope that by requiring swift reporting of major incidents, federal officials can help reduce the damage more quickly. Gathering intelligence about ransomware payments would help law enforcement and national security officials understand and act on digital extortion trends, officials say. Backers were unable to advance the proposal last […]

The post Incident reporting, ransomware payment legislation faces trouble in Senate appeared first on CyberScoop.

Continue reading Incident reporting, ransomware payment legislation faces trouble in Senate

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

The post Biden administration officials push Congress to shape breach reporting mandates appeared first on CyberScoop.

Continue reading Biden administration officials push Congress to shape breach reporting mandates

SHOCKER: Senate Says Security Sucks—Still

A Senate committee graded cybersecurity as poor among eight big agency departments. Not much has changed since the last report.
The post SHOCKER: Senate Says Security Sucks—Still appeared first on Security Boulevard.
Continue reading SHOCKER: Senate Says Security Sucks—Still

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing