The Akron Legal News


Bipartisan hack reporting bill introduced in Congress

RICHARD WEINER
Technology for Lawyers

Published: July 30, 2021

Three senators are circulating a draft bill that would require reporting to the Department of Homeland Security in the event of a computer hacking incident in certain key industries, following the recent string of well-publicized hacks that shut down gas pipelines, meat processing plants, schools and hospitals, as well as the SolarWinds breach that reached across industries and government offices.
Senators Mark Warner (D-Va.), Marco Rubio (R-Fla.) and Susan Collins (R-Me.) are co-sponsoring the “CISA Breach Notification Bill” (ALB21A18 645). CISA stands for the “Cybersecurity and Infrastructure Security Agency” of the federal government.
The bill’s stated purpose is to “ensure timely Federal Government awareness of cyber intrusions that pose a threat to national security, enable the development of a common operating picture of national-level cyber threats, and to make appropriate, actionable cyber threat information available to the relevant government and private sector entities, as well as the public, and for other purposes.”
Specifically, the bill would mandate that security breaches be reported within 24 hours in certain industries, including companies in the energy, transportation, telecommunications and emergency response industries, as well as a number of other essential industries (CISA has a list of 16 critical infrastructure industries), government agencies and government contractors.
As quoted in the Washington Post, Warner said that the country dodged a bullet in the SolarWinds hack, which originated in Russia. He said that if the Russians had decided to lock or damage the computers instead of just stealing data, “they could have brought our economy to a halt…. We need to pass domestic legislation to require when these cyber incidents take place that you report them to the government.”
The proposed bill has two purposes. The first is to give Homeland Security a running start in trying to figure out whether any one hack is part of a pattern like SolarWinds. The second is to simply let CISA know what hacks are happening—a topic it struggles with without a national law mandating this kind of reporting.
The bill proposes fines for not reporting these breaches, as well as other penalties that include barring government contractors from future contracts.
There is at least one other proposed bill on this topic in the Senate. Some security experts also have some hesitation about the breadth of this particular bill. But Congress has to do something like this, and sooner is a lot better than later.

