The Biden administration said Thursday it wants the legal authority to fine companies that do not cooperate with the government on information-sharing to protect against cyberattacks on critical infrastructure.
Congress is considering proposals to force certain critical infrastructure entities to report cyberincidents, such as hacks and attacks, and is considering several different enforcement approaches.
Issuing subpoenas to get the information needed to stop cyberattacks would take too much time, said Cybersecurity and Infrastructure Security Agency director Jen Easterly at a Senate hearing.
“I think that we should look at fines,” Ms. Easterly told the Senate Homeland Security and Governmental Affairs Committee. “Fines are obviously used across industries; I just came from 4 1/2 years in the financial services sector where fines are a mechanism that enable compliance and enforcement.”
National Cyber Director John C. Inglis told the Senate panel he strongly shared Ms. Easterly‘s view of inflicting financial costs on uncooperative companies.
“We, of course, don’t want to impose an unfair burden on the victims, but this information is essential for the welfare of the whole,” Mr. Inglis said. “There should be rewards for good behavior.”
Ms. Easterly and Mr. Inglis are two-thirds of the new national leadership appointed by President Biden to oversee America’s cybersecurity, alongside Anne Neuberger, the top White House official for cyber issues.
The duo testifying before Congress on Thursday struck a confident tone especially compared to their previous testimony before the Senate.
During a June hearing on his nomination, Mr. Inglis told the Senate he did not think it was clear that the federal government had a unifying cyber strategy or that it was working if it existed.
On Thursday, Mr. Inglis said the Biden administration has strategies to defend its critical infrastructure and defended the government’s approach to fighting ransomware attackers.
He said the strategy includes four parts: disrupt the attackers and their infrastructure, promote resilience, address the use of virtual currency by cyberattackers, and to do these things as part of broad international coalitions.
Ms. Easterly also struck a self-assured tone and said her agency’s “superpower” was rapid information sharing.
After approximately 73 days on the job, she said, she is focused on making her agency the world’s premier cyber and infrastructure defense agency.
When Sen. Tom Carper, Delaware Democrat, invoked the movie “Ghostbusters” regarding who to call in the event of a cyberattack, Ms. Easterly answered quickly.
“I think we’re the new ‘Ghostbusters’ actually sir,” she said.