At a glance.
- More reaction to the US Federal cyber reporting bill.
- India mulls lessons from Russia's hybrid war against Ukraine.
Further reaction to the Senate’s cyber reporting bill.
As we noted last week, the US Senate on Thursday passed a cyber incident reporting measure that will require operators of critical infrastructure to notify the Cybersecurity and Infrastructure Security Agency (CISA) within seventy-two hours of a cyberattack, or within twenty-four hours of a ransomware payment. Senate Homeland Security Committee Chair Gary Peters, who co-authored the bill, told the Record by Recorded Future that the timing of the legislation is no coincidence. “Critical infrastructure operators defend against malicious hackers every day, and right now, these threats are even more pronounced due to possible cyber-attacks from the Russian government in retaliation for our support of Ukraine.” The bill will now go to President Joe Biden to be signed into law. CISA will then have up to two years to propose a rulemaking process for implementing the program, but it’s possible that Russian aggression will motivate officials to expedite the process.
The Washington Post notes that the bill, along with the Securities and Exchange Commission’s new reporting rules for publicly traded companies, could allow the federal government to assume a more data-driven approach to national cybersecurity. Michael Daniel, president of the Cyber Threat Alliance industry group, explained, “The broad contours of what’s going on are known. But this will give us a much finer grained, higher resolution picture. It will allow us to differentiate between different industry sectors and see what the threat level really is.” In an official statement released on Friday, CISA Director Janet Easterly voiced the same sentiment. “CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting US networks and critical infrastructure,” she states. “This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.”
Russia’s hybrid war in Ukraine has India on edge.
As Russia continues to pummel Ukraine with attacks both physical and digital, Daiji World says India is concerned about the threat of similar cyber aggression from neighbors China and Pakistan. Last year, India's first Chief of Defense Staff General Bipin Rawat cautioned that cyberattacks from China could disrupt Indian systems and weaken the country’s defense infrastructure. Cyber law expert Virag Gupta warns that India, which depends on China and the US for many of its critical services, could fall prey to direct attacks as well as attacks on those service providers. What’s more, Pakistan and China have strengthened their digital partnerships, with Pakistan serving as a proxy for China-backed threat groups. "Chinese hackers frequently disrupt services and target the National Informatics Centre, the National Security Council, security agencies and various government departments,” Gupta explains. “Being heavily dependent on China and the US for telecom, power, transportation, electricity, communication, fintech and social media, India is vulnerable to direct and indirect cyber attacks.”