Essential regulations for reporting cyber events affecting critical infrastructure
The U.S. government is taking steps to strengthen the security of critical infrastructure providers by implementing new regulations that require the reporting of major cyberattacks and ransom payments.
The private sector has been reluctant to share information on cyberattacks, particularly ransomware attacks, due to the possibility of sensitive company data being posted on the Dark Web or sold to secondary threat actors. However, the new legislation aims to provide legal cover for companies to share threat intelligence with law enforcement and government agencies.
Microsoft, a target of the SolarWinds threat actor, has been a major proponent of greater information sharing between industry and the federal government. Tom Burt, corporate vice president of customer security and trust at Microsoft, expressed support for the incident reporting legislation in a tweet.
The SolarWinds attack demonstrated a visibility gap for federal authorities regarding the nation's IT infrastructure. The attack, which affected numerous companies and government agencies, underscored the need for clearer communication channels between the private sector and government agencies when defending against or responding to cyberattacks.
The new regulations require critical providers, including utilities, banks, energy providers, and others, to alert the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a major cyberattack or 24 hours of a ransom payment. This will provide federal authorities with timely access to threat information and ransomware details, enabling them to take swift action.
SolarWinds, one of the companies affected by the attack, has expressed support for the new regulations. In a statement, the company said, "SolarWinds looks forward to more details on how the incident reporting process will play out." The company also appreciated the approach by CISA Director Jen Easterly and her team.
The legislation also gives CISA the authority to subpoena companies that fail to adhere to the reporting requirements and refer them to the Department of Justice if they fail to provide the requested information. This will help close visibility gaps for investigators and security responders, providing them with actionable intelligence on ransomware and extortion crimes in real time.
The FBI was able to recover about $2.3 million through a court-ordered operation to claw back part of the bitcoin payments Colonial Pipeline provided during a ransomware attack that caused a six-day shutdown of its massive fuel pipeline. The company's executives shared information about the $4.4 million in payments made to the threat actors.
Having clear knowledge of who in government they should be coordinating with is important for companies defending against or responding to cyberattacks. SolarWinds was initially notified of the attack by FireEye Mandiant researchers and subsequently shared threat information with federal authorities.
The goal of the legislation is to improve the overall security posture of critical infrastructure providers. By requiring the reporting of cyberattacks and ransom payments, the government hopes to strengthen the resilience of critical infrastructure against cyber threats.