This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: U.S. Officials Call for Fines Against Companies That Don’t Report Hacks
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > U.S. Officials Call for Fines Against Companies That Don’t Report Hacks
Tech

U.S. Officials Call for Fines Against Companies That Don’t Report Hacks

Editorial Board Published September 24, 2021
Share
U.S. Officials Call for Fines Against Companies That Don’t Report Hacks
SHARE

Top U.S. cyber officials on Thursday urged Congress to add more teeth to any legislation forcing firms that operate critical infrastructure to disclose hacks, calling for a narrow reporting window after a breach and fines against companies that don’t comply.

Contents
National Cyber Director Chris InglisNewsletter Sign-upWSJ Pro Cybersecurity

Such mandates could help federal agencies and critical economic sectors to respond to incidents, security experts say. But many businesses and some lawmakers are wary of the tighter regulation and potential penalties for which the Biden administration is advocating.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, on Thursday said quicker disclosures by hacking victims would allow U.S. officials to analyze the data and identify other potential targets.

“To that end, cyber incident reporting must be timely, ideally within 24 hours of detection,” Ms. Easterly said in written testimony at a hearing by the Senate Homeland Security and Governmental Affairs Committee to discuss security threats.

At the same hearing, Ms. Easterly, Federal Chief Information Security Officer Chris DeRusha and National Cyber Director Chris Inglis called for financial penalties against companies that break such rules.

National Cyber Director Chris Inglis

Photo: Kevin Dietsch/Getty Images

“We of course don’t want to impose an unfair burden on the victims,” Mr. Inglis said. “But this information is essential for the welfare of the whole.”

The statements suggest the Biden administration sees aggressive enforcement as key to a potential incident-reporting regime, which Congress has failed to create over the past decade amid pushback from the private sector. States require firms to disclose breaches that expose personal information. Regulated industries such as financial services have sector-specific rules requiring companies to report hacks, but there is no federal reporting standard for hacks of businesses deemed critical to the U.S. economy.

A spate of cyberattacks on federal agencies and critical infrastructure operators in recent months has breathed life into the idea, convincing certain companies and business-friendly lawmakers that some rules are needed. Lobbyists are pushing lawmakers for less-strict requirements, including a 72-hour reporting window, saying that a shorter period would complicate companies’ ability to respond to incidents and flood the government with data.

Congressional proposals in recent months, however, have diverged over the breadth of incident reporting requirements, and how to enforce them.

A Senate bill unveiled in July proposed a 24-hour reporting window for designated firms and would allow CISA to fine firms up to 0.5% of their previous-year revenue for each day they break the rules. A draft bill in the House would give CISA power to subpoena—but not fine—companies that withhold information after at least 72 hours. House lawmakers considered proposing fines, an aide said, but believe they would create tension with companies without improving CISA’s access to timely information.


Newsletter Sign-up

WSJ Pro Cybersecurity

Cybersecurity news, analysis and insights from WSJ’s global team of reporters and editors.


While Ms. Easterly on Thursday said disclosures within 24 hours of a breach could help CISA track threats, she warned that too short of a reporting window could yield bad information.

“Erroneous noise is not what we need,” she said. “We need signal.”

Thursday’s hearing came a day after the government issued new guidance for how companies in critical infrastructure sectors such as energy and transportation should shore up their cyber defenses. The high-level recommendations include producing cyber risk assessments, conducting constant monitoring for threats, and cataloging all software and hardware within computer networks.

U.S. officials have signaled that more cyberattacks on critical infrastructure could necessitate mandatory regulations, such as the Transportation Security Administration rules unveiled after hackers disrupted the East Coast’s largest gas pipeline for six days in May. Those requirements compel pipeline operators to report hacks within 12 hours or face potential penalties of $7,000 a day, officials said.

Businesses are wary of such fines on critical infrastructure writ large.

John Miller, senior vice president of policy and general counsel at the Information Technology Industry Council, a Washington-based trade association of tech companies, said imposing penalties could push firms to structure compliance programs around avoiding fines rather than instituting best practices for cybersecurity.

“Punitive measures would be counterproductive to maintaining the existing partnership that currently exists between the private sector and government,” Mr. Miller said.

Write to David Uberti at david.uberti@wsj.com

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article Evergrande Bondholders Await Update on Key Interest Payment Evergrande Bondholders Await Update on Key Interest Payment
Next Article CDC Chief Backs Pfizer Boosters for At-Risk Workers in Break With Panel CDC Chief Backs Pfizer Boosters for At-Risk Workers in Break With Panel

Editor's Pick

JPMorgan unveils its 2025 summer season studying record

JPMorgan unveils its 2025 summer season studying record

JPMorgan Chase Chairman and CEO Jamie Dimon on the significance of management abilities, deregulation coverage, power independence and the Federal…

By Editorial Board 4 Min Read
Overview: Hollywood star delivers an enormous shock at BottleRock Napa
Overview: Hollywood star delivers an enormous shock at BottleRock Napa

Followers turned out to see Kate Hudson at BottleRock Napa Valley on…

5 Min Read
Man shot and killed on one hundredth Avenue in Oakland on Saturday
Man shot and killed on one hundredth Avenue in Oakland on Saturday

Oakland police are investigating the loss of life of a person, 34,…

1 Min Read

Oponion

Big Tech’s  Trillion Bet on Politics as Usual

Big Tech’s $10 Trillion Bet on Politics as Usual

The wisdom of crowds doesn’t always prevail. But more than…

December 30, 2021

‘Point of pride’: Dems experience California Home wins regardless of nationwide losses

LOS ANGELES — Go away it…

December 5, 2024

An Iceland Vacation Home With Front Row Seats to a Rare Sight: Greenery

With its waterfalls and glaciers, Iceland…

September 29, 2021

Eva Longoria Donates $1 Million to Los Angeles Wildfire Aid

Eva Longoria is pledging a seven-figure…

January 15, 2025

Facebook Parent Meta Sees Executive Exodus in India

BusinessThree senior executives in India have…

November 16, 2022

You Might Also Like

The Landscape of International Trade in 2025: Constant Evolution and Strategic Shifts
TechTrending

The Landscape of International Trade in 2025: Constant Evolution and Strategic Shifts

The international trade landscape is in constant flux, and the year 2025 is no exception. According to expert Manoel Gil…

3 Min Read
TLI Ranked Highest-Rated 3PL on Google Reviews
TechTrending

TLI Ranked Highest-Rated 3PL on Google Reviews

EXTON, PA — Translogistics, Inc. (TLI), a trailblazer in the 3PL and managed logistics space since its founding in 1994,…

12 Min Read
The Finest LED Face Masks and Pink-Gentle Remedy for At-Dwelling Therapies
Tech

The Finest LED Face Masks and Pink-Gentle Remedy for At-Dwelling Therapies

Finest Cooling LED Face Masks{Photograph}: SHARKShark CryoGlow Pink Blue & Infrared iQLED Face Masks & Underneath Eye CoolingThe Shark CryoGlow…

4 Min Read
Which Google Pixel Telephone Ought to You Purchase?
Tech

Which Google Pixel Telephone Ought to You Purchase?

Google Pixel telephones are our favourite Android telephones right here at WIRED and have been for a number of years.…

6 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?