Members of the Cybersecurity Advisory Committee of CISA (Cybersecurity and Infrastructure Security Agency) have proposed an emergency cybersecurity call line for small and medium-sized businesses (SMBs). Should the proposition be approved, SMBs would be able to call 311 in the event of a cybersecurity incident.
CISA’s cyberhygiene subcommittee head, George Stathakopoulos, originally floated the idea that CISA should “launch a 311 national campaign, to provide an emergency call line and clinics for assistance following cyber incidents for small and medium businesses.” The communications subcommittee also floated a similar idea.
CISA and other cybersecurity experts have pushed for more robust incident response reporting. In March, President Joe Biden signed the Strengthening American Cybersecurity Act, a cyber incident reporting bill requiring critical infrastructure operators to report a breach to CISA within 72 hours, and 24 hours if they made a ransomware payment.
CISA Executive Assistant Director for Cybersecurity Eric Goldstein bemoaned how damaging it is for CISA to have little data over ransomware attacks in the US. Speaking to attendees in RSA, Goldstein was quoted saying:
“A tiny fraction of ransomware infections are reported to the government and the problem is getting worse because we don’t even know what that actual number is. We have no idea the actual denominator of ransomware instructions that are occurring across the country on any given day.”