Colonial Pipeline attack increases bipartisan urgency to reform cyberattack reporting laws
There was already a bipartisan effort in Congress to craft legislation that would require certain companies, particularly those that operate critical infrastructure, to report cyberattacks, and the recent ransomware strike against the Colonial Pipeline has increased the urgency to get things done, Politico reports.
"You couldn't have a better reason" for adding a mandate than the attacks on Colonial and SolarWinds, which took place last year, Sen. Mark Warner (D-Va.) told Politico. He's working alongside Sen. Marco Rubio (R-Fla.), who said requiring companies like Colonial to alert the government of an attack is just "the tip of the iceberg of what we need to do."
Private companies have bristled at the idea of voluntarily sharing their data with the government for fear of leaks, Politico notes, but as the risk of cyberattacks increases, a mandate could become harder and harder to avoid. Until something is in place, the U.S. government will remain "completely blind to what is happening," Brandon Wales, the acting director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, told reporters earlier this week, per Politico. "That just weakens our overall cyber posture across our entire country."
Warner said the legislation would provide a "public-private forum, with appropriate immunity and confidentiality."