An official with the Cybersecurity and Infrastructure Security Agency wants cyberattacks against critical infrastructure operators to be reported to the government within 24 hours, a departure from Congressional law that sets a time frame of 72 hours.
The rise in cyber attacks on critical infrastructure such as the Colonial Pipeline has resulted in legislators and federal agencies pushing for mandatory reporting of attacks to the government.
“The US government has argued that we think 24 hours is the right amount of time, which will allow us to use the information soon enough, but will allow companies some time to determine if this is a real incident or not “Said Brandon Wales, the executive director of CISA, said Rebecca Kern of the Bloomberg government during a Bloomberg event yesterday.
“When there are these big incidents, 24 hours is already pretty deep in the response cycle,” he said. “In the colonial example, they already let customers know that they …