There is bipartisan support in the U.S. Senate for a law requiring critical infrastructure firms to report a cybersecurity incident.
Three top U.S. security officials are suggesting fines for non-compliance. Critical infrastructure firms cover a broad swath of the economy, including telecommunications, chemical, energy, financial services, healthcare and other industries.
Sen. Gary Peters, D-Mich., and Sen. Rob Portman, R-Ohio, are working on legislation requiring critical infrastructure companies hit by a significant cyberattack to report it to the Cybersecurity and Infrastructure Security Agency (CISA). No federal cyber incident reporting requirement exists, though most states implement their own reporting requirements.
Peters said recent cybersecurity incidents like SolarWinds and the Colonial Pipeline, as well as the growing number of attacks against critical infrastructure facilities such as hospitals, water treatment plants and food processing facilities, are prompting a need for a national cyber incident reporting law. Peters announced the legislative proposal