Will the Biden administration introduce legislation by Dec. 31, 2021, to require mandatory reporting of cyberattacks on U.S. utilities?
No Challenges Selected
No Tags Selected
Yes - looking at the regional impacts of such events , the federal government might have to step in to reduce the effects especially with the midterm elections fast approaching .
Unfortunately, I am not a lawyer or a legislator, and I have not yet found a bill on this, but Mark Warner is preparing something. Hence my original question about whether a bill to that effect will be introduced in Congress this year.
Unless there's a very bright-line rule under consideration, new legislation/policies are often a nightmare to articulate sufficiently unambiguously in advance. For example, what if the legislation requires reporting under only certain circumstances? Or has certain exceptions? Even the cited article in the description section references "some level of mandatory reporting on cyber vulnerabilities," which sounds messy.
That said, I like the topic and idea ...
Series of cyberattacks that exposed vulnerabilities in the United States' critical infrastructure, President Joe Biden signed an executive order May 12 aimed at bolstering defenses and transparency, including development of a Cyber Safety Review Board (CSRB) to assess major intrusions.
No, the answer is related to the condition of the autonomy of the staes of the American Unión. In this way, present a law proposal that make mandatory each state to present a cyber security report it could difficult to apply in the reality. This way is related to the fact that the National Cybersecurity Strategy focus mainly in the federal goverment level. In other hand, this doesn´t mean that Biden administration find a way to promote some subnational summit with the states of the union to promote the cyber security reports in this entities.
Yes - this is an issue that states are failing to address and it has regional impacts to the United States. The federal government will step in during this year to secure a win before the 2022 midterm elections.
The same group that attacked SolarWinds. Today:
Always makes me wonder how many attacks they accomplished that have not been reported!
Thanks @cafebedouin for the important points.
There is still a loophole in the law that criminals regularly exploit because they know reports to the FBI are rarely made. Moreover, hostile states can exploit these weaknesses if they do not already do so regularly. Whether the various policies will make companies invest in their own cybersecurity and increase interest in reporting cybercrimes is the real question. Hence the question of stricter regulation, i.e., a law, rather than new directives.
Check out support and opposition below.
So maybe the question should be more like this:
Will a new bill be introduced in Congress by the end of the year that would require private utilities to report cyberattacks while imposing more stringent requirements on their cybersecurity?