New Senate bill would force organizations to report cyber attacks within 24 hours
Friday, June 18, 2021
Under the proposed bill, DHS would create more rules with definitions and requirements associated with implementing the law. It would also be required to send annual reports to Congress about notifications.
Ilia Kolochenko, founder of ImmuniWeb, told ITPro that receiving breach reports for centralized investigation and prevention while providing companies with certain immunities for the disclosure is a wise and timely idea.
“Given the gigantic volume of data such legislation may create, CISA will certainly need a tenfold increase of its existing budget, otherwise, valuable threat intelligence information will just gather dust in CISA archives. Furthermore, interagency collaboration is to be enhanced and better organized to enable investigation and judicial prosecution of wrongdoers, something that CISA is not entitled to perform without the FBI and DOJ for example,” he said.
Kolochenko added that lawmakers would have to consider whether the new federal law will pre-empt existing state and federal laws, such as HIPAA or HITECH. These existing laws already incorporate mandatory breach notifications, but they focus primarily on notifying victims.
“Finally, the privacy question is crucial: many breach notifications may inadvertently disclose sensitive information about individuals including foreign citizens, or expose corporate trade secrets. Comprehensive data protection and privacy framework must be defined by CISA before requesting the data breach reports,” Kolochenko said.