Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal government has failed to pass nationwide legislation to combat and report cybersecurity events. The current bipartisan bill presented by Senators Mark Warner (D-VA), Marco Rubio (R-FL), and Susan Collins (R-ME), reflects a revitalized effort by Congress to pass much-needed federal rules surrounding cybersecurity breach notifications.
[Editor’s note: Why not pass legislation aimed at prevention measures?]
What’s In The Bill?
The proposed bill requires federal agencies, contractors, and operators of critical infrastructure to send breach notifications to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours. CISA would work with the Director of National Intelligence, the Office of Management and Budget, the Defense Department, and the Federal Chief Information Officer to write rules about who specifically would have to report what sorts of intrusions. In addition to notifying CISA of an intrusion, businesses would have to report which networks were affected, the tactics the attackers used, and contact information for the victim organization.
[Author’s Note: Why limit to federal agencies when SMBs are attacked 15x more often?]
Federal contractors that don’t comply with the law would face penalties up to and including no longer being eligible for future contracts. For every day they don’t comply beyond 24 hours, critical infrastructure owners or cyber incident response firms could face fines of up to 0.5% of their gross revenue from the year before.
The bill does include liability protections for companies that report their breach, which should remove barriers to open and honest communication with CISA.
[Author’s question: Will these reports to CISA be public or confidential?]
Why Pass The Bill?
While some federal agencies, such as the TSA, already impose or operate under some form of cybersecurity requirements, a law that touches all government entities should be in place. Currently there is bipartisan support for this legislation: everyone agrees cyberattacks are a huge problem, as evidenced by a year of attacks on hospitals, schools, and government agencies, and both sides of the aisle want to take action to slow them. CISA officials argue that transparent reporting of these attacks will help build a better understanding of them and better countermeasures for protecting the nation’s critical infrastructure.
What Should We Do To Secure Ourselves?
Your company cannot wait for prescriptions from lawmakers on Capitol Hill to require protections from ransomware or other cyberattacks. Your company needs to take proactive measures today to reduce its chances of being a victim. CyberHoot recommends the following best practices to prepare for, limit damages, and sometimes avoid these cyber attacks:
Adopt two-factor authentication on all critical Internet-accessible services
Adopt a password manager for better personal/work password hygiene
Require 14+ character passwords in your governance policies
Follow a 3-2-1 backup method for all critical and sensitive data
Train employees to spot and avoid email-based phishing attacks
Check that employees can spot and avoid phishing emails by testing them
Document and test Business Continuity/Disaster Recovery (BCDR) plans
Perform a risk assessment every two to three years

Sources:
via Technology & Innovation Articles on Business 2 Community https://bit.ly/3qu6I37