Bipartisan bill would require critical infrastructure operators to report cyberattacks
WASHINGTON (SBG) — A bill introduced in the Senate would require federal agencies and other entities that run critical infrastructure to report cyberattacks within 24 hours of discovering them.
The bipartisan effort is being led by lawmakers on the Senate Select Committee on Intelligence, with multiple co-signers of both parties. It comes after a series of ransomware attacks that have impacted American businesses and federal agencies in recent months.
“It seems like every day Americans wake up to the news of another ransomware attack or cyber intrusion. The SolarWinds breach demonstrated how broad the ripple effects of these attacks can be, affecting hundreds or even thousands of entities connected to the initial target,” said Sen. Mark Warner, D-Va., the chairman of the Senate intelligence committee.
The Cyber Incident Notification Act would allow the federal government to mobilize quicker following a cyber intrusion by requiring them to be reported. Currently, there is no requirement for companies to disclose they have been breached, which experts say leaves the nation vulnerable to further hacks.
“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Warner said. “We need a routine federal standard so that when vital sectors of our economy are affected by a breach, the full resources of the federal government can be mobilized to respond to and stave off its impact.”
The bill would require federal agencies and contractors, as well as companies who operate critical infrastructure, to notify the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security.
“The longer an attack goes unreported, the more damage can be done. Ensuring prompt notification will help protect the health and safety of countless Americans and will help our government track down those responsible,” Sen. Marco Rubio, R-Fla., said in a statement.
Critical infrastructure is defined as systems and assets that are so important that their disruption or destruction would have a debilitating impact on U.S. national security, economic stability or public safety.
President Joe Biden and Congress have vowed to take steps to combat malicious foreign actors from continuing to attack the country’s critical infrastructure.
Earlier this week, DHS issued new requirements for U.S. pipeline operators following a May ransomware attack that disrupted fuel delivery along the East Coast. The Biden administration has also accused Russia of granting safe haven to criminal cyber gangs and imposed sanctions over hacking charges.
