Biden signs bill to create cybercrime reporting system

President Joe Biden signed into law the Better Cybercrime Metrics Act today. The measure, which received bipartisan support from Congress, represents the federal government’s latest step to help bolster various aspects of the nation’s cyber defenses. The new law establishes requirements to improve the collection of data related to cybercrime.

Rep. Abigail Spanberger (D-Va.), who sponsored the legislation in the House, said in March that it would “give law enforcement the tools they need to better track and identify cybercrime, prevent attacks and hold the perpetrators accountable.”

According to The Hill, “The bill follows the passage of a new cyber law that requires critical infrastructure companies to report significant cyberattacks and ransomware payments within 24 to 72 hours to the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that oversees cybersecurity infrastructure and enforcement.”

“A positive impact”

Michael Baker is vice president and chief information security officer at General Dynamics Information Technology. He believed the new law “will have a positive impact on combating the growing number of cyber attacks, as it will enable faster and more transparent sharing of cyber threat intelligence between industry and government.

“We need to ensure that this collective intelligence is distributed widely and immediately to cyber defense teams to limit the impact and scale of modern cyberattacks,” he advised.

The United States must stay one step ahead of its adversaries

Baker said, “The ability of the United States to come together across public and private entities to quickly disseminate lessons learned and contribute to collective defense is critical. [for] to advance.

“The motivation and sophistication of our adversaries to gain a competitive or strategic advantage over the United States is only increasing; thus, the United States must act accordingly to stay ahead,” he warned.

Business impact

Michael Bahar is the former Deputy Legal Counsel for the National Security Council and Director of Minority Staff and General Counsel for the House Intelligence Committee. He is now a litigation partner at global law firm Eversheds Sutherland and co-leads the global cybersecurity and data privacy practice.

Bahar said, “It’s not too little too late when it comes to strengthening the cybersecurity of a nation – or a company. Every little bit counts, and sometimes even seemingly small (and overdue) steps can have an outsized impact.

“This [new law] does not impose additional requirements on companies and does not directly fund national cyber defense efforts; on the contrary, it increases the quantity and quality of cybercrime measurements, which, together with advanced analytics, should reveal insights and trends that lead to better prevention and enforcement,” Bahar predicted.

The bill Biden signed into law today, “…gets to this point. Our cybersecurity solutions, both at the corporate and national levels, will benefit from a deeper understanding of the problem of cybercrime,” he concluded.

Boundaries

James Turgal is a former Executive Assistant Director of the FBI’s Information and Technology Branch and now Vice President of Cyber Risk, Strategy and Board Relations at Optiv Security.

He observed that “information sharing between victims of crime and law enforcement is always a good thing. Currently, statistics on cyberattacks are unreliable, as some companies report attacks immediately.”

Report problems

But Turgal pointed out that “a large number of victimized companies refuse to report the attacks, because they see them as a weakness, a competitive disadvantage or they believe that the impact on the share price, the value of the company and, more important again, [the] brand, will be too big.

“This new legislation, coupled with the previously passed Cyber Incident Reporting for Critical Infrastructure Act of 2022, will, in theory, allow for mandatory reporting of cyberattacks by victims in critical infrastructure industries within specified timeframes.”

Then, he said, “These reporting statistics would then be collected and reported annually by the Bureau of Justice Statistics, as required by the Better Cybercrime Statistics Act.

“While collecting cyberattack metrics is beneficial, unless the business is in a critical infrastructure sector, reporting is voluntary and unlikely to occur,” Turgal predicted.

A top priority for the Biden administration

Lisa Plaggemier, acting executive director of the National Cybersecurity Alliance, pointed out, “The Biden administration has made no secret of making cybersecurity one of its top priorities.

“On a purely cyber level, for too long the United States…has operated in an opaque and uncoordinated manner when it comes to cybersecurity. widespread public confidence.

Boost collaboration and transparency

“So while this bill won’t solve everything on its own, by tackling reporting head-on – which is one of the most critical, yet under-reported areas of effective attack mitigation – it helps build collaboration and transparency between a multitude of business sectors and the public they serve.

“Furthermore, this is another fundamental part of US cybersecurity policy and strategy that many players in the cybersecurity space value. [are] probably late,” she said.

Advice for entrepreneurs

Baker of General Dynamics Information Technology recommended that “companies should view cybersecurity risk as a business risk at the board level.”

He said that includes:

  • Empower information security managers to guide their company’s cyber strategy.
  • Hold themselves accountable for basics like patches and actively monitor their networks.
  • Prioritize prudent investments to increase the maturity of their programs over time with steps such as two-factor authentication and other capabilities needed to thwart our adversaries and cybercriminals.