Congress can help close this gap by enacting legislation to create a national standard for reporting cyber incidents that pose significant risk, she writes.
The Colonial Pipeline attack was not the first of its kind, nor the last. A few weeks later, JBS Foods — one of the world's largest meat distributors — suffered a similar attack. Shortly afterwards, criminals struck Kaseya, a global IT software provider. More needs to be done. Cybercriminals have increased the scale, scope and impact of their nefarious efforts. The simple fact is we cannot go at this problem alone. The growth of "ransomware-as-a-service" — allowing sophisticated hackers to sell or lease the tools needed for a ransomware attack to criminal customers — has reduced the technological skill needed to successfully conduct a ransomware attack.
Too often after a cyberattack, the victim company struggles with how, whether, and when to contact law enforcement. But if you have an intruder in your home you do not hesitate to call 911, and it is time to think about cyberattacks with the same instinctive response. Congress can help close this gap by enacting legislation to create a national standard for reporting cyber incidents that pose significant risk, including ransomware and incidents that affect critical infrastructure and their supply chains.