Consumer Electronics Daily was a Warren News publication.

Cyberattack Reporting Policies Need to Be ‘Carefully Crafted’: ITI

New global “policy regimes” embracing cybersecurity incident reporting are a “potentially appropriate tool to provide greater visibility” into cyberattacks -- if “carefully crafted,” said the Information Technology Industry Council Monday. It urged policymakers to heed new recommendations “on limiting incident reporting to confirmed or verified incidents.” ITI asked security authorities to craft policies that “allow for at least a 72-hour reporting window after an entity has verified an incident” and to limit incident reporting “to confirmed or verified incidents.” Effective reporting regimes also need to “establish or maintain appropriate liability protections and ensure information provided is exempt from public disclosure,” said ITI. It seeks measures that “ensure confidentiality and appropriate protections around sensitive information shared with or by competent authorities within the government, including against regulatory use.” Senate Homeland Security Committee Chairman Gary Peters, D-Mich., hopes soon to introduce bipartisan legislation that would require critical infrastructure owners and operators to report “significant” cyberattacks (see 2109230065).