A call between the Cybersecurity and Infrastructure Security Agency and 13,000 private cybersecurity workers revealed frustrations and confusion regarding federal cyberattack reporting policies, reported The Washington Post March 28.
Agency Director Jen Easterly encouraged the private sector to lower its threshold for reporting anomalous activity given the current increased threat of security breaches stemming from the war in Ukraine. She acknowledged the hesitancy to do so, given the role of corporate lawyers to deal with such breaches as well as burnout during this time of hypervigilance.
Critical industry operators also expressed confusion as to which agency to disclose hacks to and how to do so, with some citing lack of communication between various government entities. They also expressed frustration about access to classified information, with many stating they have been denied access to important information given their citizenship status or security clearance. Others asked the agency for more resources to test their cyberdefenses, to which Ms. Estearly replied they're working on.
A recording of the three-hour call, arranged in light of recently announced cyberthreats linked to Russia, was posted publicly by Ms. Easterly but was then removed after 48 hours alongside an apology from the director. Ms. Easterly explained that the call was posted because she believed useful information was discussed, but taken down because participants weren't aware the call would be shared.