Legislators pushing for mandatory cyber incident reporting by critical infrastructure operations have received a boost from newly installed Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and Chris Inglis, the inaugural White House national cyber director.
Any legislation involving cyber incident disclosures could influence how MSSPs, MSPs and MDR (managed detection and response) service providers work and communicate with their customers and the government.
Chris Inglis, national cyber director, White House
Jen Easterly, director, CISA
At their nomination hearings both Easterly and Inglis made it clear that they support imposing minimum reporting standards on critical infrastructure outfits and private companies to notify the federal government of cyber incidents. A mandate of that sort would include MSSPs and their customers. There is no such reporting requirement right now on any type of entity.
“It seems to me that voluntary standards are not getting the job done and there probably is some sort of role for making some of these standards mandatory to include notification,” Easterly said. “I do think it’s important that when there’s a significant cyber incident that critical infrastructure companies have to notify the federal government, in particular CISA. We have to be able to warn other potential victims,” she said.
Inglis said that the nation must have confidence that “our critical services, our critical functions…will be delivered.” Considering that voluntary reporting and market forces are not propelling companies to report cyber incidents, “some imposition of standards or regulation on top of that, we begin to take steps in ..
Support the originator by clicking the read the rest link below.
