Senators Introduce Bipartisan Cybersecurity Reporting Bill
- July 23, 2021
Senate Select Committee on Intelligence Chair Mark R. Warner (D-VA), along with Committee members Marco Rubio (R-FL) and Susan Collins (R-ME), introduced July 21 bipartisan legislation requiring federal agencies, government contractors, and critical infrastructure owners and operators to report cybersecurity breaches within 24 hours of their discovery.
The Cyber Incident Notification Act of 2021 would require covered entities to notify the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) when a breach is detected.
“After years of talk about how our nation needs a real public-private partnership for better cybersecurity, we finally have concrete and critical action . . . We can't track, or have any hope of stopping, foreign or domestic sources of cyber maliciousness unless we can find out about cyber problems quickly. This bill goes a long way in starting to solve the problem,” Glenn Gerstell, former National Security Agency General Counsel, said in a press release on the measure.
In order to incentivize the information sharing, the bill would grant limited immunity to companies that come forward to report a breach, and instruct CISA to implement data protection procedures to anonymize personally identifiable information and safeguard privacy.