Review Question

Will the Biden administration introduce legislation by Dec. 31, 2021, to require mandatory reporting of cyberattacks on U.S. utilities?

Author
Columbus
Description

https://federalnewsnetwork.com/cybersecurity/2021/04/warner-says-senate-committee-working-on-bill-to-require-mandatory-reporting-for-cyber-threats/

Starts
May 19, 2021 09:26PM UTC
Closes
Jun 19, 2021 09:26PM UTC
Topics

No Challenges Selected

Tags

No Tags Selected

Comments

AbuE
made a comment:

Yes - looking at the regional impacts of such events , the federal government might have to step in to reduce the effects especially with the midterm elections fast approaching .

Columbus
made a comment:

Unfortunately, I am not a lawyer or a legislator, and I have not yet found a bill on this, but Mark Warner is preparing something. Hence my original question about whether a bill to that effect will be introduced in Congress this year.

https://www.cnbc.com/2021/05/12/mark-warner-colonial-pipeline-mandatory-reporting.html
https://federalnewsnetwork.com/cybersecurity/2021/04/warner-says-senate-committee-working-on-bill-to-require-mandatory-reporting-for-cyber-threats/

page
made a comment:

Unless there's a very bright-line rule under consideration, new legislation/policies are often a nightmare to articulate sufficiently unambiguously in advance. For example, what if the legislation requires reporting under only certain circumstances? Or has certain exceptions? Even the cited article in the description section references "some level of mandatory reporting on cyber vulnerabilities," which sounds messy.

That said, I like the topic and idea ...

Ayrengy
made a comment:

Series of cyberattacks that exposed vulnerabilities in the United States' critical infrastructure, President Joe Biden signed an executive order May 12 aimed at bolstering defenses and transparency, including development of a Cyber Safety Review Board (CSRB) to assess major intrusions.

JuanM-Aguilar91
made a comment:

No, the answer is related to the condition of the autonomy of the staes of the American Unión. In this way, present a law proposal that make mandatory each state to present a cyber security report it could difficult to apply in the reality. This way is related to the fact that the National Cybersecurity Strategy focus mainly in the federal goverment level. In other hand, this doesn´t mean that Biden administration find a way to promote some subnational summit with the states of the union to promote the cyber security reports in this entities.

Winston
made a comment:

Yes - this is an issue that states are failing to address and it has regional impacts to the United States. The federal government will step in during this year to secure a win before the 2022 midterm elections.

Upasna05
made a comment:

Yes

Columbus
made a comment:

The same group that attacked SolarWinds. Today:
https://www.nytimes.com/2021/05/28/us/politics/russia-hack-usaid.html

archsk8r
made a comment:

Always makes me wonder how many attacks they accomplished that have not been reported!

Columbus
made a comment:

Thanks @cafebedouin for the important points.

There is still a loophole in the law that criminals regularly exploit because they know reports to the FBI are rarely made. Moreover, hostile states can exploit these weaknesses if they do not already do so regularly. Whether the various policies will make companies invest in their own cybersecurity and increase interest in reporting cybercrimes is the real question. Hence the question of stricter regulation, i.e., a law, rather than new directives.

https://en.wikipedia.org/wiki/Cyber-security_regulation
Check out support and opposition below.

So maybe the question should be more like this:
Will a new bill be introduced in Congress by the end of the year that would require private utilities to report cyberattacks while imposing more stringent requirements on their cybersecurity?

Tip: Mention someone by typing @username