US federal cyber officials will ask industry leaders to help shape the regulatory structure for cybersecurity incident reporting, according to Cyberscoop.
This was reported on behalf of Cybersecurity and Infrastructure Security Agency director Jen Easterly.
This framework follows the newly passed law by President Biden that requires critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware attacks within 24 hours.
CISA remarked that it will use the reports to rapidly deploy resources to victims under attack and share information with network defenders. Easterly detailed that she wants to work with industry to create a smart regulatory apparatus that doesn’t create problems for the private sector.
She added, “This will finally allow us a much better understanding what’s going on across the ecosystem. We don’t want to burden industry and we don’t want to burden the federal government with noise either.”
Easterly said that after CISA issues a request for information from the private sector, she intends to also host several listening sessions with industry to ensure the rule-making process is consultative.
She continued, “There’s amazing, amazing talent out there in the defense community, and we need to harness that to make sure that we are building and defending a secure and resilient ecosystem to make adversaries’ jobs much harder. This is the thing — attackers have budgets, too. We have to work together to make sure that we are increasing the marginal cost of their investment.”
CISA recently revealed it was looking to bolster its efforts to fight disinformation leading up to the 2024 Presidential Election.
According to Cyberscoop, CISA director Jen Easterly said that the danger of disinformation has become an ‘incredibly difficult problem’.
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst