Hacked US companies to face new reporting requirements

The rules are part of a broader effort by the Biden administration and Congress to shore up the nation's cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.

Associated Press

Mar 11, 2022, 6:18 PM

Updated 824 days ago

Share:

Hacked US companies to face new reporting requirements
Companies critical to U.S. national interests will now have to report when they're hacked or they pay ransomware, according to new rules approved by Congress.
The rules are part of a broader effort by the Biden administration and Congress to shore up the nation's cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.
“It’s clear we must take bold action to improve our online defenses,” said Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation.
The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that's considered part of the nation's critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.
Ransomware attacks, in which criminals hack targets and hold their data hostage through encryption until ransoms have been paid, have flourished in recent years. Attacks last year on the world's largest meat-packing company and the biggest U.S. fuel pipeline - which led to days of gas station shortages on the East Coast - have underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.
State hackers from Russia and China have had continued success hacking into and spying on U.S. targets, including critical infrastructure targets. The most notable was Russia's SolarWinds cyberespionage campaign, which was discovered at the end of 2020.
Experts and government officials worry that Russia's war in Ukraine has increased the threat of cyberattacks against U.S. targets, by either state or proxy actors. Many ransomware operators live and work in Russia.
“As our nation rightly supports Ukraine during Russia’s illegal unjustifiable assault, I am concerned the threat of Russian cyber and ransomware attacks against U.S. critical infrastructure will increase," said Sen. Rob Portman, a Republican from Ohio.
The legislation designates the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency as the lead agency to receive notices of hacks and ransomware payments. That caused concern at the FBI, which had openly campaigned for tweaks to the bill in an unusually public disagreement over legislation endorsed overall by the White House.
“We want one call to be a call to us all,” FBI Director Christopher Wray said last week at a cyber event at the University of Kansas. “What’s needed is not a whole bunch of different reporting but real-time access by all the people who need to have it to the same report. So that’s what we’re talking about - not multiple reporting chains but multiple access, multiple contemporaneous action, to the information.”
The FBI also has expressed concern that liability protections that would cover companies that report a breach to CISA would not extend to reporting a breach to the FBI, an issue the bureau believes could unnecessarily complicate law enforcement efforts to respond to hacks and to aid victims.
Lawmakers who helped write the bill have pushed back against the FBI, saying the bureau's concerns about being notified of hacks and liability concerns were adequately addressed in the final version of it.
The new rules also empower CISA to subpoena companies that fail to report hacks or ransomware payments, and those that fail to comply with a subpoena could be referred to the Justice Department for investigation.


More from News 12
1:28
NYPD: 37-year-old woman from Mount Vernon fatally slashed in the neck in Williamsbridge; suspect arrested

NYPD: 37-year-old woman from Mount Vernon fatally slashed in the neck in Williamsbridge; suspect arrested

2:08
Mostly sunny and pleasant weather; tracking strong to severe thunderstorms for the Bronx

Mostly sunny and pleasant weather; tracking strong to severe thunderstorms for the Bronx

1:52
Bronx school watches USA vs. India in New York’s final Cricket World Cup match

Bronx school watches USA vs. India in New York’s final Cricket World Cup match

1:45
Morris Park community demands end to gun violence following death of 29-year-old man

Morris Park community demands end to gun violence following death of 29-year-old man

0:51
Health fair in the Bronx spotlights needs of LGBTQ+ community

Health fair in the Bronx spotlights needs of LGBTQ+ community

1:53
Police: 4 men use hammers, axes to steal 30 pairs of designer glasses in Co-op City

Police: 4 men use hammers, axes to steal 30 pairs of designer glasses in Co-op City

1:41
P.S. 100X students bring home the Mayor Dinkins Cup

P.S. 100X students bring home the Mayor Dinkins Cup

0:24
NYPD: Man fatally struck by car while walking across the Washington Bridge

NYPD: Man fatally struck by car while walking across the Washington Bridge

2:15
New York launches Mobile ID to digitize driver’s licenses, non-driver IDs. Here’s how to get it.

New York launches Mobile ID to digitize driver’s licenses, non-driver IDs. Here’s how to get it.

1:28
Garden Guide: This is why your plants are blooming better than usual this year

Garden Guide: This is why your plants are blooming better than usual this year

1:28
Light installation celebrating the Bronx community glows in Morris Park

Light installation celebrating the Bronx community glows in Morris Park

2:05
Community members split on additional protection of bike lanes along Park Avenue

Community members split on additional protection of bike lanes along Park Avenue

1:51
Bronx man says MTA is charging him for tolls on trips he didn’t take

Bronx man says MTA is charging him for tolls on trips he didn’t take

2:12
Casa Celina – new affordable housing for seniors opens in Soundview

Casa Celina – new affordable housing for seniors opens in Soundview

0:37
Dog fight! Joey Chestnut out of July 4 hot dog eating contest due to deal with rival brand

Dog fight! Joey Chestnut out of July 4 hot dog eating contest due to deal with rival brand

21:13
Kane In Your Corner: Victims of the System

Kane In Your Corner: Victims of the System

1:29
What’s a heat dome? Here’s what to expect when it arrives next week

What’s a heat dome? Here’s what to expect when it arrives next week

2:07
Baychester residents outraged after months of overflowing garbage

Baychester residents outraged after months of overflowing garbage

1:45
New York Philharmonic concert series returns with first stop at Van Cortlandt Park tonight

New York Philharmonic concert series returns with first stop at Van Cortlandt Park tonight

1:21
NYPD: 3 injured in shooting near Belmont park

NYPD: 3 injured in shooting near Belmont park