Senate Majority Leaders Introduce a Bill Requiring Businesses to Report Cyberattacks
Senate Intelligence Committee Chairwoman Susan Collins and other bipartisan legislators unveiled a new measure on Wednesday that would require select firms to report hacking events to the government.
The Cyber Incident Notification Act comes following a spike in cyberattacks in recent months, including the ransomware attack on the Colonial Pipeline in May.
The law would force federal agencies, government contractors, and important national security groups — such as hospitals, utilities, financial services, and information technology — to notify the Cybersecurity and Infrastructure Security Agency (CISA) of cyberattacks or attempts within 24 hours.
Companies aren’t required to notify cyberattacks, which can be problematic if the government’s own systems are hacked.
For the past month, a draft of the measure has been circulating in the Senate.
The bill’s principal sponsors are Senate Intelligence Committee Chairman Mark Warner, D-Va., Vice Chairman Marco Rubio, R-Fla., and committee member Susan Collins, R-Maine.
“It seems like every day Americans wake up to news of yet another ransomware attack or cyber intrusion,” Warner said in a statement released on Wednesday. “We need a routine federal norm so that when critical areas of our economy are impacted by a breach, the federal government can mobilize all of its resources to respond to and mitigate the impact.”
The bill would make it easier for businesses to disclose hacking events and for the government to respond fast when necessary.
In a news release, Collins called the bill “common sense and long overdue.”