U.S. national security officials believe a data breach notification law is the future of stopping massive cyber-attacks such as the SolarWinds hack. Deputy assistant director of the FBI, Tonya Ugoretz, stated during the 2021 RSA conference that such a law might also function as an alternative to government surveillance of private networks. Ugoretz believes a requirement to report data breaches should focus on organizations that deal with national security and critical infrastructure, or on any company that, if breached, could jeopardize U.S. government information. Ugoretz stressed that any reporting requirements should not burden an organization and that any new laws need to be easy to follow.
Some policymakers believe intelligence agencies need to have oversight of private sector networks, while others believe a mandatory reporting law would suffice. The Biden administration announced an executive order last week that initiated plans for government contractors to report cyber-attacks. These debates and policy proposals have become a priority on Capitol Hill following recent massive cyber incidents such as the SolarWinds attack and the more recent Colonial Pipeline incident. It should be noted that national security officials recognized the irony of using SolarWinds as an example, as the company demonstrated model behavior by voluntarily reporting the cyber incident to the U.S. government.