Lawmakers mull measure requiring public agencies to report cybersecurity incidents


Lawmakers advanced a measure Monday that would require public agencies to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness.

Mandated reporting would allow authorities to have a statewide strategy in helping agencies more quickly and effectively respond to and recover from such attacks, said Michael Geraghty, the state’s chief information security officer and director of the Office of Homeland Security and Preparedness’ cybersecurity office.

Geraghty testified Monday before the Senate Law and Public Safety Committee, which unanimously advanced the bill sponsored by Sen. Linda Greenstein (D-Middlesex).

State government computer networks get attacked 10 million times daily, Geraghty said. His office scours the dark web for compromised credentials from New Jersey’s public and critical infrastructure agencies and has detected more than 23,000 compromised credentials (such as a state employee’s email and password) being used since May 2020, he said.

Russian cyberattacks also are on the rise, prompting a White House warning this week that companies and agencies should be on guard as Russia retaliates for U.S. sanctions over its invasion of Ukraine.

“We’re not going to prevent every attack from happening, just like we’re not going to prevent hurricanes or tornadoes or other types of natural disasters, but we want to make New Jersey more resilient to these attacks,” Geraghty said.

Under the bill, all public agencies would have to report incidents within 72 hours. The state Office of Homeland Security and Preparedness would create a central database of threats statewide, with the goal of sharing threat intelligence that can help agencies reduce risks and improve preparedness and response.

The bill also would require the office to annually report cybersecurity incidents, responses, and trends to the Attorney General’s Office.

“It’s a global community online, and it’s a global fight,” said Ryan Hoppock, deputy director of the New Jersey Regional Computer Forensics Laboratory.

Everything is more connected digitally than ever before, Geraghty said, from intelligent traffic systems to…

Federal Agencies Consider Requiring Reporting Of Computer Security Incident | Ballard Spahr LLP


On December 18, 2020, the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents that could result in a banking organization’s inability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of a banking organization, or impact the stability of the financial sector, the banking organization must notify its primary federal regulator no later than 36 hours after determining an incident has occurred. Additionally, service providers to banking organizations would be required to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.

By requiring notice of these computer security incidents, the proposed rule broadens the type of reportable events that banking organizations and their service providers are required to report to federal agencies. The agencies stated that “current reporting requirements related to cyber incidents are neither designed nor intended to provide timely information to regulators regarding such incidents.” Specifically, the agencies noted that the filing of Suspicious Activity Reports under the Bank Secrecy Act does not provide the agencies with sufficiently timely information about every notification incident, and notices under the Gramm-Leach-Bliley Act focus on incidents that result in the compromise of sensitive customer information and do not include the reporting of incidents that disrupt operations.

Comments on the proposal must be received within 90 days of publication in the Federal Register.

Senator to file bill requiring border agents to get a warrant before searching phones

In moments of optimism, I’d like to believe there is still some common ground upon which liberals and conservatives – even supporters of President Trump – can stand with firm resolve. One such patch should be ensuring privacy protections for the digital devices and sensitive personal information of all U.S. citizens when they pass through border checkpoints.

Toward that end, U.S. Sen. Ron Wyden, D-Ore., has signaled his intention to file legislation that would require customs and law enforcement agencies to acquire a warrant before compelling access to a U.S. traveler’s electronic device and also prohibit the growing practice of demanding social media identities and passwords. In a letter to John Kelly, director of homeland security, Wyden poses the following questions:

Network World Paul McNamara