New reporting rules for transit and critical infrastructure

Mandates set new standard for ransomware reports in the transportation sector

A key component to fighting off cyber and ransomware attacks is reporting the incident as soon as possible. The longer an event goes unreported, the less experts and security teams can do to both mitigate the damage and prevent long-term issues. But even with the surge in ransomware attacks and provided guidelines, numerous enterprises and organizations do not report a breach incident.

New rules passed by the US federal government, however, will change that. A pair of security mandates will determine what an organization must report and within what timeframe. As of now, the mandates are specifically directed at critical transportation infrastructure. The key points and rules are as follows:

  • Breached organizations must conduct readiness assessments to gauge the effectiveness of their cybersecurity models
  • Assign available person(s) that can communicate with federal agencies
  • Report a breach incident to federal agencies within 24 hours
  • Have an incident response plan prepared

As far as requirements go, they’re minimal regulatory standards. Before the action passed, these were CISA guidelines that were optional to follow. Given the nature and severity of ransomware attacks, however, too little information was available, because few businesses reported the nature of a cyber breach.

Industry representatives of the transportation sector raised concerns that the mandates were too strict to be effective, in that reporting an incident within 24 hours reduced available personnel for the actual incident response. If true, improving the balance between reporting and response will become a defining factor of the new regulatory standards. For example, specifying which cyber incidents must be reported prevents a flood of noise and non-useful information.

A precedent for the future

The nature and danger of cyberattacks are always increasing. As you’ve readily witnessed, attacks on critical infrastructure are just one of the many forms ransomware takes. But now, federal agencies around the world are taking action to prepare modern infrastructure for improved responses.

This regulatory action, for now, is aimed at critical infrastructure. But it does signal a shift in reporting requirements. Responding to ransomware events as swiftly as possible is a key aspect of reducing losses and damages. And, as regulations for the federal sector increase, it’s likely a trend that will continue into the private sector.

But regardless of resistance to the changes, the mandates are still important. Even if not enforced through regulatory means, any private or federal entity should have a response plan in place. Backup options and methods for handling the fallout of a ransomware attack are important. Given the saturation of attacks and the volume of damage they can cause, there’s no reason to downplay the threats.

From a future-proofing perspective, it also makes sense to have a standard ransomware response within an organization. If rules and regulations are introduced to the private sector, enterprises having done so will already be ahead of the curve.

Overall, this signals additional actions to further defend against ransomware attacks. The question is how effective the new mandates will be for overall improved responses.
