In response to recent attacks on SolarWinds, which impacted government agencies, and on the Colonial Pipeline, the U.S. Senate has unveiled the bipartisan Cyber Incident Notification Act, which would require companies to inform the government of a hack.
Within the existing legal structure, there is currently no federal requirement that individual companies disclose when they have been breached. The concern is that this leaves the U.S. vulnerable to criminal and state-sponsored hacking activity.
Under the new law, federal government agencies, federal contractors, and critical infrastructure operators will be required to notify the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) when a breach is detected.
Upon notification, federal agencies will be able to mobilize in order to protect critical industries across the country.
This is part of the U.S. government’s efforts to combat cyberattacks. Other attempts include the Justice Department creating, earlier in 2021, a new task force dedicated to rooting out and responding to the growing threat of ransomware.
According to new analysis from Ric Longenecker, Chief Information Security Officer at Open Systems, the new measures are a step in the right direction and the formulation of the latest bill was an inevitability.
Longenecker tells Digital Journal: “It’s no surprise that new government legislation is being proposed given the severity of recent high-profile cyberattacks and their real — and potential — impacts on our daily lives.”
He adds: “Recent guidance from the Department of Homeland Security and other agencies shows that we’re moving rapidly in this direction. This bill, like any new piece of legislation, will get off to a rocky start and take time to work its way through Congress.”
Overall, Longenecker is optimistic, stating: “This signals that it’s a good time for companies to find a cybersecurity partner and work through this together.”
Longenecker is hopeful about the new bill and its impact upon responses to future cyberattacks. The bill may not lessen the rate of attacks, but it could lead to a faster and more joined-up incident response.