Administration Concerned About Sidelining FBI in Cybersecurity Bill (Dreamstime)
By Jeffrey Rodack | Tuesday, 16 November 2021 02:11 PM
The Biden administration is "troubled" by proposed legislation requiring companies to report cyberattacks to just the Department of Homeland Security and not to the FBI, a bureau official told lawmakers on Tuesday.
Bryan Vorndran, the assistant director of the FBI’s Cyber Division, noted the concern in a statement for the record provided to the House Committee on Oversight and Reform, according to Politico.
He said legislation proposed by the Senate and House Homeland Security committees requiring a wide range of companies to report intrusions leaves the FBI sidelined.
"Current incident reporting legislation being considered fails to recognize the critical expertise and role that DOJ, [Department of Justice] including the FBI, play when it comes to cyber incident reporting," Vorndran said.
"Cyber is the team sport, and the Department of Justice and the FBI are a key player, "It is time for legislation to reflect this reality."
Politico noted the administration’s concern over the bill throws a wrench into the move to mandate key companies disclose cyberattacks. Currently, government agencies rely on companies to disclose hacks so they can determine the full-scale of the attacks and issue the necessary security recommendations.
In light of the cyberattack on the Colonial Pipeline, new efforts began in Congress to get companies to report to the government when they've experienced a cyberattack.
"The United States government is completely blind to what is happening. That just weakens our overall cyber posture across our entire country." Brandon Wales, acting director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency said in May.
Securing a reporting mandate for companies like Colonial is the "tip of the iceberg of what we need to do," Sen. Marco Rubio, R-Fla., said earlier this year.
But some companies choose not to share information with the government for fear that the leak-prone government won't protect their data which could lead to embarrassing or actionable revelations.
Biden said in May that the government may have to play a more significant role in boosting cybersecurity defenses in the private sector.
"It's becoming clear to everyone that we have to do more than is being done now," Biden said.