WASHINGTON – Today, ITI Senior Vice President of Policy and General Counsel John Miller presented the global tech industry’s perspective on cyber incident reporting and related legislation. In testimony before the U.S. House of Representatives Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation, Miller provided key recommendations to improve the United States’ digital resilience and security and to guide lawmakers as they seek to develop an effective and efficient cybersecurity incident reporting regime.
“The SolarWinds compromise and the latest wave of damaging ransomware attacks, along with other recent cyberattacks, serve as an important reminder that the cyber threat landscape is constantly evolving and that we need innovative new policy ideas to help confront the emergence of new threats,” Miller said in his testimony. “We have seen policymakers increasingly consider incident reporting as a potentially appropriate tool to improve government’s ability to leverage its resources towards not only helping victim organizations recover from incidents, but ideally to help protect others from similar threats or vulnerabilities. If narrowly scoped and carefully crafted, we believe that an incident reporting regime can help improve the nation’s digital resilience and security.”
ITI recently led 17 groups representing the tech, telecom, and broader U.S. business industries on a letter to U.S. Congressional leaders outlining key priorities for developing effective cyber incident reporting legislation to ensure the efficient use of the limited resources of federal agencies, enabling regulatory compliance, providing liability protections, and advancing national cybersecurity interests.
In July, ITI published Principles for Security Incident Reporting in the U.S., first-of-their-kind recommendations designed to help inform U.S. policymakers as they seek to develop a security incident notification regime.
Read Miller’s testimony here.
Watch the hearing, Stakeholder Perspectives on the Cyber Incident Reporting for Critical Infrastructure Act of 2021, here.