The U.S. government is largely in the dark when it comes to ransomware attacks. The National Defense Authorization Act for 2022 moved closer to becoming law but does not include cybersecurity incident reporting legislation.
- Bob Bigman, founder of 2BSecure and former chief information security officer at the Central Intelligence Agency, said legislation requiring companies to report information about cyber attacks is essential because voluntary reporting is not likely to happen.
- Bigman said there has been historical mistrust in government storage of private data but that the government can provide companies a high degree of assurance with the right systems and processes.
- Forensic information from companies about cyber incidents is necessary for the Federal Bureau of Investigation to build cases and bring criminals to justice, Bigman said.