Saturday, May 29, 2021

CRS Report on Information Sharing and Disclosure Requirements

This week the Congressional Research Service (CRS) prepared a report for Congress on “Critical Infrastructure Policy: Information Sharing and Disclosure Requirements After the Colonial Pipeline Attack”. The Report looks at the apparent change in information sharing philosophy embodied by the attempt by the Biden Administration to require cybersecurity incident reporting under EO 14028.

The short report (2 pages) does not draw any conclusions, but it does outline the history of voluntary information sharing between privately owned critical infrastructure and the federal government. Anyone that wants to understand the impending debate in Congress on authorizing cybersecurity information reporting mandates needs to understand this history.

Interestingly, this report was prepared before TSA published their Security Directive 01-21 mandating that pipeline operators report cyberattacks on their operations and information systems.

No comments:

/* Use this with templates/template-twocol.html */