"CISA, FBI Need Data from Cybercrime Victims to Support Policy"

Federal entities at the forefront of policing cybercrime and ransomware in the US urge organizations to continue reporting cyber incidents to help fill data gaps. Recent executive actions call for a stricter approach to penalizing ransomware incidents. Leaders from the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) and FBI spoke at a recent George Washington University Business and Policy Forum about ongoing government initiatives to continue countering and preventing zero-day cyber incidents. CISA's CSO Valerie M. Cofield and the FBI's Cyber Division Section Chief David Ring discussed a data gap in the larger picture of the current cyber threat landscape and how sharing incident information contributes to the national security goal of strengthening digital networks. Ring reiterated that victim reporting is crucial and that federal agencies overseeing cybercrime in the US still have much work to do to close the gap regarding what is reported, what is actually seen, and what is occurring in the wild. The Cyber Incident Reporting for Critical Infrastructure Act, which became law in 2022, offers promise for CISA and the FBI's efforts. This legislation requires public and private sector entities to report any cyber incident. Cofield commented that while this is a step in the right direction, collecting the necessary data may take several years following the bill's passage. This article continues to discuss the importance of collaboration and data sharing to protect US digital networks.

NextGov reports "CISA, FBI Need Data from Cybercrime Victims to Support Policy"