
Congressional Research Service
Critical Infrastructure Policy: Information
Sharing and Disclosure Requirements After
the Colonial Pipeline Attack
May 24, 2021
The ransomware attack against the Colonial Pipeline Company spurred panic buying and fuel shortages
along the Eastern Seaboard. Although the attack did not target pipeline control systems, it forced the
temporary suspension of fuel shipments via a major pipeline network, according to a company statement.
The Biden Administration announced Executive Order (E.O.) 14028 (the EO), Improving the Nation's
Cybersecurity, on May 12, 2021, framing it as a response to the pipeline incident and other recent
cyberattacks. While the EO creates requirements that apply to federal agencies and government
contractors, the Administration hopes that these actions will have a secondary effect of improving
cybersecurity among critical infrastructure companies.
An official, briefing reporters about E.O. 14028, said, "Anybody doing business with the U.S.
government will have to share incidents so that we can use that information to protect Americans more
broadly." Asked whether the Administration would support congressional efforts to expand information
sharing and incident reporting requirements to a broader set of private companies, perhaps starting with
critical infrastructure, such as Colonial, the official responded, "Absolutely."
Using actions aimed at federal agencies to drive critical infrastructure security and resilience (CISR)
departs from the policy framework first instituted in the late 1990s and subsequently expanded. The 1998
Clinton Administration executive action, Presidential Decision Directive-63, Critical Infrastructure
Protection, established a framework for public-private partnerships across several designated critical
infrastructure sectors. The directive stated that these partnerships should be genuine, mutual and
cooperative, and that market incentives would be the first choice for addressing the problem of critical
infrastructure protection, with regulation used as a last resort in the case of a material market failure
affecting the health or safety of Americans.
Successive administrations have built upon this partnership- and incentive-based approach to private sector
information sharing and disclosure activities, even as CISR activities have grown and matured. The 2013
National Infrastructure Protection Plan (NIPP), which provides high-level CISR policy implementation
guidance to federal departments and agencies, envisions the growth of public-private partnerships in a
Congressional Research Service
https://crsreports.congress.gov
IN11683
CRS INSIGHT
Prepared for Members and
Committees of Congress
