A bipartisan group of 15 senators is pushing for legislation to force federal agencies, government contractors, and critical infrastructure entities to report breaches of their cyber defenses.
In response to severe hacker attacks on federal networks and disruptions to businesses, lawmakers are seeking a more practical approach to cyber security in the private sector through the “2021 Incident Reporting Act.”
The proposed law would require federal agencies and companies to report cyber intrusions to the Cybersecurity and Infrastructure Security Agency within 24 hours of acknowledging a breach or suspected breach.
Senator Mark Warner, a Democrat from Virginia and chairman of the Senate Intelligence Committee, introduced the legislation with several other members of the intelligence committee, including the committee's top Republican, Senator Marco Rubio of Florida.
“We should not rely on voluntary reporting to protect our critical infrastructure,” Mr Warner said in a statement. “We need a common federal standard so that if disruption to key sectors of our economy is affected, all federal government resources can be mobilized to respond and avert its impact.”
Warner said the hack of SolarWinds computer network management software threatened nine federal agencies. The US government said Russia’s foreign intelligence service (SVR) was responsible for the attack.
The scale of hacks and attacks has grown since the SolarWinds breach became public at the end of last year. In recent months, cyber-attackers have disrupted the major US fuel supplier Colonial Pipeline and a major meat producer, JBS, among many other targets outside the government.
The US government this week accused China of a series of malicious computer attacks. On Tuesday, the Biden administration revealed that China had begun breaching oil and gas companies nearly a decade ago so that it could develop the capacity to disrupt US oil pipelines.
Rubio said forcing immediate notification of cyber breaches would help the government track down the attackers.
“Cyber attacks against US businesses, infrastructure and government institutions are out of control,” Rubio said in a statement. “The US government must take decisive action against computer criminals and the state actors who hide them. It is also very important that American organizations act immediately as soon as an attack occurs.”
This proposal has the support of both parties, but previous bills with similar objectives have failed in recent years. However, the new legislation has key co-sponsors outside the Intelligence Committee who hold other important positions in Congress, including Sen. Joe Manchin III, a West Virginia Democrat who oversees cyber security within the Senate Armed Services Committee, and Senator Jon Tester, a Montana Democrat who chairs the Subcommittee on Defense in the Senate.
Senator Susan Collins, a Maine Republican who co-sponsored the legislation, has been advocating for several years for laws to increase communication between the federal government and the private sector. In 2012, together with former Senator Joe Lieberman, a Connecticut independent, she unveiled a proposal that ran into opposition from Republicans who feared new regulations and the creation of new layers of bureaucracy.
Ms Collins said on Wednesday that she thought Congress could not afford to wait any longer for a solution to sharing information about cyber attacks.
“My 2012 bill would lead to better information sharing with the federal government, which would likely reduce the impact of cyber incidents on the government and the private sector,” she said in a statement. “Failure to accept the demanding requirement to report cyber incidents will only give our adversaries a greater opportunity to gather information about our government, steal intellectual property from our companies, and damage our critical infrastructure.”
• Guy Taylor contributed to this report.