The Senate Intelligence Committee is working on a bill to create mandatory reporting requirements of data breaches for the private sector. The bill aims to prevent future foreign cyber-attacks on critical infrastructure. The legislation has grown out of public and private hearings held by the committee following the SolarWinds breach, which the federal government was made aware of when FireEye voluntarily came forward to report the incident. Members of congress hope the bill will create an anonymous way for the private sector to report incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
There is not a definitive timeline for when the legislation will be introduced, and it remains to be seen what the full extent of the bill will be. That being said, it is a clear step in the right direction. Creating a more robust notification system will help both private, public, and government sectors quickly respond to potential cyberattacks. Binary Defense analyst will continue to monitor for updates on the legislation and if it mentions preventative measures as well as the reporting requirements.