Leaders of the Senate Intelligence Committee and other bipartisan lawmakers introduced a new bill Wednesday that would require some companies to report hacking incidents to the government.
The Cyber Incident Notification Act comes after increased cyberattacks in recent months, which included the Colonial Pipeline ransomware attack in May.
The bill would require federal agencies, government contractors and critical national security groups — such as hospitals, utilities, financial services and information technology groups — to report incidents or attempts of cyber attack to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
Companies are not obligated to report cyberattacks, which creates a problem if the government’s own systems are affected by the hack.
A draft of the bill has been circulating in the Senate for the last month.
Senate Intelligence Committee Chairman Mark Warner, D-Va., Vice Chairman Marco Rubio, R-Fla., and committee member Susan Collins, R-Maine, are the primary sponsors of the bill.
“It seems like every day Americans wake up to the news of another ransomware attack or cyber intrusion,” Warner said in a statement Wednesday. “We need a routine federal standard so that when vital sectors of our economy are affected by a breach, the full resources of the federal government can be mobilized to respond to and stave off its impact.”
The bill would allow companies to report hacking incidents quickly and allow the government to act efficiently where needed.
Collins said in a press release that the bill was “common sense and long overdue."