Democrats accused GOP of scuttling incident reporting in massive defense bill

U.S. Capitol

Congressional Democrats on Tuesday blamed Republicans for axing language in the annual defense policy bill that would have mandated reporting of cyberattacks and ransomware payments.

House and Senate negotiators unveiled a compromise version of the National Defense Authorization Act. It excludes bipartisan legislation that would have required critical infrastructure operators and certain government contractors to report such incidents to the Cybersecurity and Infrastructure Security Agency (CISA) no sooner than 72 hours after they occurred.

The legislative push had earned the support of top Biden administration officials, who viewed it as a necessary step after a year marked by major hacks, including the sweeping SolarWinds breach and the ransomware attacks on the Colonial Pipeline and meat processing giant JBS.

“I am disappointed Senate Republican leaders blocked these commonsense provisions that have broad bipartisan support,” Senate Homeland Security Committee Chair Gary Peters (D-Mich.) said in a statement.

“We need urgent action to tackle the serious threat posed by cyberattacks, and by blocking our bipartisan reforms, Senate Republican leaders are putting our national security at risk,” he added.

A Senate aide put the blame squarely on Senate Minority Leader Mitch McConnell (R-Ky.).

In recent weeks GOP support had coalesced around an alternative measure from Sen. Rick Scott (R-Fla.) that limited ransom payment reporting to critical infrastructure owners.

In a statement, Scott spokesman McKinley Lewis described reports that the Florida Republican had helped to remove the incident reporting language as “patently false.”

“After hearing last night that a deal had been reached to change the amendment and make Senator Scott’s proposed change, which was supported by CISA, we were surprised and disappointed to see it left out of the NDAA language released by the House today,” according to Lewis.

A spokesman for McConnell did not immediately respond to requests for comment.

House lawmakers also accused Senate Republicans of stripping the measure from the must-pass policy bill, which authorizes $768 billion for national defense programs.

“There was dysfunction and disagreement stemming from Senate Republican leadership that was not resolved until mid-morning today — well past the NDAA deadline,” Homeland Security Committee Chair Bennie Thompson (D-Miss.) and Rep. Yvette Clarke (D-N.Y.), who leads the panel’s cyber subcommittee, said in a joint statement. 

“We had hoped to mark the one-year anniversary of the discovery [of] the SolarWinds supply chain attack by sending cyber incident reporting legislation to the president’s desk. Instead, Senate Republican leaders delayed things so significantly that the window closed on getting cyber incident reporting included in the NDAA,” they added.

The House is expected to vote Tuesday night on the compromise defense bill. It will then go to the Senate for final passage before heading to President Joe Biden’s desk for his signature.

The post Democrats accused GOP of scuttling incident reporting in massive defense bill appeared first on The Record by Recorded Future.

Article Link: Democrats accuse GOP of scuttling incident reporting in massive defense bill - The Record by Recorded Future