Lawmakers line up behind potential cyber breach notification legislation

Lawmakers line up behind potential cyber breach notification legislation

  • House lawmakers on both sides of the aisle expressed strong support Friday for legislation to put in place national breach notification requirements in the wake of a massive foreign cyber espionage attack.
  • FireEye CEO Kevin Mandia confirmed to the Senate Intelligence Committee earlier this week that FireEye was not legally required to reveal the cyber incident, and that many companies impacted as part of the Russian cyberattack had not come forward. 
  • Concerns that the federal government would still be unaware of the hack, one of the largest in U.S. history, have spurred efforts on Capitol Hill this week to address cyber incident reporting with legislation, an effort that has been ongoing for decades.
  • Legislation is already in the pipeline. House Foreign Affairs Committee ranking member Michael McCaul (R-Texas) announced Friday that he and Rep. Jim Langevin (D-R.I.), the chair of the House Armed Services Committee’s cybersecurity subcommittee, are working on a bill to create “mandatory breach notification.”
  • SolarWinds President and CEO Sudhakar Ramakrishna testified at the joint House hearing on Friday and urged Congress to consider designating or creating a federal group to take on compiling breach notification reports, with Clarke suggesting CISA.
  • “Having a single entity for which all of us can report to will solve the fundamental purpose of speed and agility in this process,” Ramakrishna said. “Information is very fragmented, and oftentimes the dots are not connected because they are separate.”

– Maggie Miller | February 26, 2021