Security experts push for legislation requiring some companies to report ransomware attacks

WASHINGTON — High-profile ransomware attacks over the last year have impacted everything from our fuel supply to hospital systems.

On Tuesday, members of a House panel heard from cybersecurity experts about the government’s efforts to fight the problem and they pushed for Congress to pass legislation requiring some companies to immediately report cyberattacks to the government.

The bipartisan Cyber Incident Notification Act would require federal agencies, federal contractors, and critical infrastructure companies to report a breach of their systems within 24 hours of their discovery.

Right now, under federal law companies do not have to report cyberattacks to the government.

“I can’t stress enough the importance of the FBI receiving full and immediate access to cyber incidents,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. “24 hours probably wouldn’t seem like a big delay to most people, but the help that we can offer within that time can be the difference between a business or a piece of critical infrastructure staying afloat or being crippled.”

Cybersecurity officials pointed to efforts we can all do to prevent attacks like spotting phishing attempts with suspicious emails and they said companies and organizations must make long-term investments to better protect their own data.

“Unfortunately, strengthening resilience to withstand ransomware attacks is arguably the most difficult element of our collective efforts as it ultimately relies on changing human behavior,” said Brandon Wales, Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA). “Every organization that wants to avoid being a victim of ransomware must invest in the practices that will keep their customers, their systems and their data protected.”

“The systems that these criminals target are far too often left vulnerable by failures to patch, to properly secure data, to create reliable backups,” said Chris Inglis, National Cyber Director for the Biden administration.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW