The federal government continues to search for new strategies to fight the epidemic of cyberattacks on U.S. businesses and institutions, and on Wednesday a bipartisan group of senators introduced a bill that would require certain companies to report attacks to the government.
Democratic Sen. Mark Warner of Virginia, along with Republicans Sen. Marco Rubio of Florida and Sen. Susan Collins of Maine, introduced the Cyber Incident Notification Act, which would require federal government agencies, federal contractors and operators of critical infrastructure to notify the Department of Homeland Security when a breach is detected.
The bill would give companies limited legal immunity if they come forward to report an incident and would require the Cybersecurity and Infrastructure Security Agency, housed in Homeland Security, to make anonymous any personally identifiable information provided
A total of 15 Republicans and Democrats are co-sponsoring the legislation.
The bill comes on the heels of last year’s Solar Winds attack, which went unnoticed for months and threatened 18,000 companies and government agencies, and the Colonial Pipeline hack that led to widespread gasoline shortages in the U.S. Northeast.
Jim Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, told MarketWatch last month that the bill, which had been circulating in a proposal form, was a necessary first step to modernizing America’s cybersecurity defenses.
Mandatory reporting requirements are important because “the federal government has tremendous resources to help out with an incident, and in any sort of emergent situation, time is of the essence.”
It was also announced Wednesday that President Joe Biden and members of his national security team will meet next month with members of the business community to discuss the issue.