Rep. Yvette Clarke (D-NY), chair of the Cybersecurity, Infrastructure Protection and Innovation subcommittee, said building trust with critical infrastructure entities was fundamental to expanding information sharing between the public and private sectors.
(Image credit: Lev Radin / Shutterstock.com)
Rep. Yvette Clarke (D-N.Y.), who chairs a key cybersecurity subcommittee in Congress, said Tuesday that improved information sharing between the public and private sectors was critical to combat the rise in ransomware attacks seen in recent months.
"So much of our critical infrastructure is within the private sector, that it's important that we bring all stakeholders to the table to really get at the heart of what makes most sense," the congresswoman said at The Hill's cybersecurity summit on Tuesday.
Clarke is sponsoring the bipartisan State And Local Cybersecurity Improvement Act, which would create a $500 million grant program within the Department of Homeland Security to help boost funding at the state, local and tribal levels for cybersecurity initiatives, and would also establish a State and Local Cybersecurity Resiliency Committee.
There's momentum building on Capitol Hill for more sweeping cybersecurity legislation to mandate breach reporting for critical infrastructure companies and private companies of a certain size.
A bipartisan bill that passed out of the Senate Homeland Security and Government Affairs Committee would require covered companies to report incidents to Cybersecurity and Infrastructure Security Agency within 72 hours of discovery. A separate bipartisan bill offered by leaders on the Senate Select Committee on Intelligence sets a 24-hour clock for reporting.
Clarke didn't say whether she supported the 24-hour or 72-hour requirement, instead stressing the importance of private entities immediately identifying and addressing cyber intrusions, while building trust to expand and advance information sharing procedures.
"There's a divergence of thought about what is the best way to get the private industry in particular to do their reporting" on cyber-related incidents, Clarke said. "We recognize that in cyberspace it is critical that we build that trust, and create a space where entities feel safe in reporting to us what is taking place."