IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks
2024-02-08 00:06

The Information Technology Industry Council, which represents a laundry list of heavy hitters, expressed dissatisfaction over the proposed reporting rules, describing them as adding "another hue of color to the kaleidoscope of incident reporting regimes" being passed by the US federal government of late.

ITIC said the eight-hour reporting requirement was "unduly burdensome and inconsistent" with other reporting rules, adding that the 72-hour update period "does not reflect the shifting urgency throughout an incident response."

There's room to debate some of the complaints raised by commenters, but one thing's for certain: Uncle Sam's cyber incident reporting rules are growing in number - and each set of regulations is different.

Congressional representatives have expressed discontent with the SEC's reporting rules and introduced a bill to kill its reporting requirement - citing too short a deadline and the fact that incident reporting should fall under CISA's purview.

All of these various reporting requirements are likely to lead to what the ITIC describes as "misalignment" among reporting requirements, with the council calling for "the establishment of one authoritative incident reporting process across the federal government and regulated sectors."

"The rule should identify one coordinating agency, ideally CISA [which] should be the focal point for all reporting and subsequent investigations," Bitko added, echoing calls from other commenters and Representative Andrew Garbarino, who introduced a House bill to kill the SEC's reporting requirements.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/08/us_tech_industry_changes/