CTA, IA, ITI Outline Cyber Reporting Considerations
Congress should limit the scope of any cyber incident reporting legislation, CTA, the Internet Association, Information Technology Industry Council and 15 other industry groups wrote lawmakers Friday, before the House Cybersecurity Subcommittee’s Wednesday hearing on incident reporting. The Business Roundtable, BSA|The Software Alliance, ACT|The App Association, CompTIA, Software & Information Industry Association, TechNet and Telecommunications Industry Association also signed. Legislation should include reporting timelines no less than 72 hours, they wrote. Reporting should be limited to verified incidents and reporting obligations limited to victim organizations, they said. Hearing witnesses are: USTelecom Senior Vice President-Cybersecurity Robert Mayer, ITI Senior Vice President-Policy John Miller, Heather Hogsett, Bank Policy Institute senior vice president-technology and risk strategy for its technology policy division, FireEye Mandiant Vice President Ronald Bushar, and American Gas Association Managing Director-Security and Operations Kimberly Denbow.