[ad_1]
A bipartisan group of 15 senators is pushing laws to force federal agencies, state contractors and critical infrastructure organizations to disclose cyber defense breaches.
Fed up with a series of hacks and attacks hitting federal networks and disrupting businesses, lawmakers are taking a more hands-on approach to private sector cybersecurity through the “Cyber Incident Notification Act of 2021.”
The proposed law directs federal agencies and companies to disclose cyberattacks to the Cybersecurity and Infrastructure Security Agency within 24 hours of confirmation of a breach or suspected breach.
Senator Mark Warner, a Virginia Democrat and chairman of the Senate Intelligence Committee, introduced the law along with several other intelligence committee members, including Florida Senator Marco Rubio, the committee’s top Republican.
“We should not rely on voluntary reporting to protect our critical infrastructure,” Mr Warner said in a statement. We need a routine federal standard so that when vital sectors of our economy are affected by a breach, all the resources of the federal government can be mobilized to respond and neutralize its influence.”
Mr Warner referred to SolarWinds’ computer network management software hack that compromised nine federal agencies. The US government said the Russian Foreign Intelligence Service (SVR) was responsible for the attack.
The scale of hacks and attacks has grown since the SolarWinds breaches became public late last year. In recent months, cyber-attackers have US fuel supplier Colony Pipeline and major meat producer JBS, among many other non-government targets.
This week, the US government blamed China for a series of malicious cyberattacks and hacks. On Tuesday, the Biden administration announced that China began breaching oil and gas companies nearly a decade ago before China could develop the capability it needed to disrupt U.S. pipeline operations.
Mr Rubio said that prompt reporting of cyber breaches would help the government track down the attackers.
“Cyber attacks on American businesses, infrastructure and government institutions are out of control,” Mr Rubio said in a statement. “The US government must take decisive action against cybercriminals and the state actors that host them. It is also critical for American organizations to act immediately when an attack occurs.”
The proposal has bipartisan support, but previous bills with similar goals have failed in past years. However, the new law has key co-sponsors who hold other key positions in Congress outside of the intelligence committee, notably West Virginia Democrat Senator Joe Manchin III, who oversees cybersecurity on the Senate Armed Services Committee, and Senator Jon Tester of Montana. Democrat who leads the Defense Senate Appropriations Subcommittee.
One of the law’s co-sponsors, Maine Republican Senator Susan Collins has advocated for legislation aimed at improving communication between the federal government and the private sector for several years. In 2012, he presented a proposal to former Connecticut independent Senator Joe Lieberman, which was put off by Republicans concerned about new regulations and the creation of new layers of bureaucracy.
Ms Collins said on Wednesday she thinks Congress cannot wait any longer to address cyberattack information sharing.
“My 2012 bill would lead to better information sharing with the federal government that would reduce the impact of cyber incidents on both the government and the private sector,” he said. “Failure to enact a robust cyber incident reporting requirement will only give our enemies the opportunity to gather intelligence about our government, steal intellectual property from our companies, and damage our critical infrastructure.”
• Guy Taylor contributed to this report.
[ad_2]
Source link