DHS wants to streamline victim reporting of cyberattacks, warns bureaucracy is getting in the way

The Department of Homeland Security is recommending federal officials change the way victims disclose cyberattacks by creating a single portal for reporting rather than the current process that has several different agencies acting as the primary point of contact.

This and other changes to the cyber incident reporting process were detailed to Congress in a new report from a DHS task force.
Homeland Security Secretary Alejandro Mayorkas said his team’s recommendations are designed to assist the government’s understanding of digital attacks and help victims.

“In the critical period immediately following a cyberattack our private sector partners need clear, consistent information-sharing guidelines to help us quickly mitigate the adverse impacts,” Mr. Mayorkas said in a statement.
The single-portal reporting process and other changes are needed, according to the report, to prevent federal bureaucracy from further harming those suffering from dangerous hacks.

“Many agencies have invested in their own incident reporting portal or are still leveraging email or phone systems to report incidents,” the report said.

The different approaches to responding and recovering from cyberattacks not only create problems for federal officials but also for victims working to recover, according to Robert Silvers, Department of Homeland Security undersecretary for policy.

“Federal agencies should be able to receive the information they need without creating duplicative burdens on victim companies that need to focus on responding to incidents and taking care of their customers,” Mr. Silvers said in a statement.

Other recommendations in the report include defining which cyber problems need reporting and creating a timeline for when to disclose information.

“These recommendations can improve our understanding of the cyber threat landscape, help victims recover from disruptions, and prevent future attacks,” Mr. Mayorkas said.

Among the reasons such solutions are not already happening include procedural and funding issues surrounding the rules for making such changes and obtaining the resources necessary to get it done, according to the report.