Estimated reading time: 1 minute, 54 seconds

How Biden Cyber Officials Want to Overhaul Data Breach Rules  

Wednesday, Sep 29 2021
Regulatory
Written by  Security Tech Brief

Congress is in the midst of a bipartisan effort to revamp federal laws for information security, and the Biden administration’s top cyber officials have voiced their staunch support.

capitol 720677 640smallAs The Washington Post reports, the Senate Homeland Security Committee recently held a hearing on two upcoming cyber bills. One piece of draft legislation would require operators of critical infrastructure to report data breaches to the Cybersecurity and Infrastructure Agency. The committee is also at work on redrafting the Federal Information Security Management Act, last updated in 2014, which sets the federal government’s cybersecurity rules.

CISA director Jen Easterly told lawmakers she is a “huge supporter” of the proposed legislation that would mandate cyberattack disclosure by government contractors, federal agencies and certain private companies, as Bloomberg reports. Chris Inglis, the U.S. national cyber director, said such notifications would be “profoundly useful.”

Both Easterly and Inglis endorsed fining companies if they don’t report data breaches. “Most of the 50 states have reporting requirements of a similar sort, and the vast majority of them have enforcement mechanisms, and many use fines,” Inglis said, as quoted by Government Technology

As Utility Dive sums up, Easterly called for the bill to codify CSO’s role as the operational lead in federal cybersecurity. Easterly also urged lawmakers to shift to operational risk management from mere compliance-list-checking. And she pressed for a national notification law so CISA can share information promptly.

Easterly said the legislation must be designed to avoid unnecessarily weighing down businesses or CISA. “We don’t want to be flooded with reports saying, ‘We detected something; we’re not sure whether there’s actual impact or not.’ We need to make sure there’s determined impact,” Easterly said. “What we don’t want is to have CISA overburdened with erroneous reporting, and we don’t want to burden a company under duress when they’re trying to manage a live incident.”

The committee’s chair, Sen. Gary Peters (D-Mich.), reportedly plans to formally introduce a cyberattack disclosure bill in the weeks ahead. “We need to pass updated legislation clarifying CISA’s role and responsibilities, improve how incidents on federal networks are being reported to Congress and ensure our own cybersecurity resources are aligned with emerging threats,” Peters said, as quoted by Tech Target.

Read 1858 times
Rate this item
(0 votes)
More in this category: « Texas Adds New Data Breach Notification Requirement GDPR Fines Soared to $1.2B in Past Year: Law Firm   »

Visit other PMG Sites:
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline