A draft bill being circulated by Democratic and Republican senators would require companies in critical industry sectors to notify the Department of Homeland Security within 24 hours of a hack. It would apply to companies in energy, transportation, telecommunications and emergency services as well as a dozen other sectors.
If that breach had gone unnoticed and Russia had decided to lock or damage computers rather than simply steal information from them, “they could have brought our economy to a grinding halt,” Warner warned in a Washington Post Live event this week.
It also comes after the massive SolarWinds breach, which officials have tied to the Kremlin and which compromised hundreds of companies and several government agencies. The scope of that attack might never have been known if not for the fact that the cybersecurity company FireEye discovered that it was a victim and notified the government, prompting a broader investigation.
First, it would give DHS’s Cybersecurity and Infrastructure Security Agency a better chance of piecing the clues together if and when there’s another SolarWinds-level hack that affects national and economic security.
The Transportation Security Administration implemented a similar mandate for pipelines in the wake of the Colonial Pipeline ransomware attack, which disrupted gas supplies in the southeastern United States.