The Cyberspace Solarium Commission proposed a “bargain” between representatives of government and private industry: that operators of critical infrastructure should get some protection from liability and access to government resources, in exchange for reporting cybersecurity incidents to CISA. However, a political split has emerged over whether such reporting should be voluntary or mandatory. Representative John Katko (R-NY)—ranking member of the House Homeland Security Committee—favors the former, but committee members Representative Jim Langevin (D-RI)—a leading member of the Commission—and Representative Yvette Clarke (D-NY) favor the latter in negotiations over Katko’s new legislative proposal.
Also under discussion is the possible inclusion of cloud service providers in the definition of “systemically important critical infrastructure.” Although an Obama executive order excludes “commercial information technology” from being listed as such, the foundational role of services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform has put them on the table.
Source: