Uncle Sam wants full access to its suppliers' IT systems — and unsurprisingly, they are not happy
Thursday, February 8, 2024
The Information Technology Industry Council (ITIC), which represents tech giants such as Apple, Samsung, and Microsoft, criticized the enforced disclosure deadline as “unduly burdensome,” stating that the 72-hour update frequency “does not reflect the shifting urgency throughout an incident response.”
Talking to TechRadar Pro, Dr Ilia Kolochenko, CEO and Chief Architect at ImmuniWeb and Adjunct Professor of Cybersecurity and Cyber Law at Capital Technology University, commented, “If the proposed amendment comes into force, it will likely bring more troubles than benefits. While the underlying concept of accelerating and solidifying incident response makes perfect sense, it seems to be abstracted from the operational environment.
“For instance, it is highly unlikely that the CISA will have enough personnel to review an avalanche of data breach submissions within the novel eight-hour deadline. Instead, snowballing data breach reports will be piling up, driving CISA’s analysts crazy with the insurmountable volume of work. Likewise, getting access to the breached companies may be a good idea subject to the availability of DFIR experts having enough time to perform investigations.
“Additionally, the CISA, as a nationwide collector of valuable cyber intelligence, will become a high-priority target for sophisticated state-backed cybercriminals. Therefore, unless the CISA and all other federal agencies are confident that they can properly address the new volume of information, as well as timely investigate and then prosecute most important security incidents, this amendment may rather create a huge mess and weaken national cybersecurity.”