Senator Recommends Mandatory Breach Reporting for Companies
Angus King, I-Maine, also said companies should go through hack testing to beef up security.
July 6, 2021 — Sen. Angus King, I-Maine, is calling for the crafting of new rules requiring companies to disclose when they’ve been breached in a hack, as cybersecurity attacks against private companies put defenses in the spotlight.
“Incident reporting should be mandatory, and there should be some liability protection if the rules are followed,” said King, who is a member of the U.S. Senate Select Committee on Intelligence. Currently, there are no federal data breach notification laws requiring companies to disclose whether they have been hacked.
King was speaking to Washington Post national security reporter Ellen Nakashima at an event last week to discuss emerging threats to private and government data systems.
High-profile cyberattacks, including against software company SolarWinds and oil transport company Colonial Pipeline, have put a focus on these types of nefarious crimes and their ability to cripple important infrastructure in the country.
King said he believes that with most cybersecurity attacks taking place against the private sector, a new form of relationship should be required with the federal government.
And although hack testing is becoming increasingly common in some sectors like financial services, it is far from being utilized throughout industries, he noted.
King said he strongly advocates that such new rules should be a joint effort with the Geneva Convention for Cyber War. It’s the type of international cooperation that others have recommended between countries.
King suggested that critical industries should be required to undergo live cybersecurity testing by ethical hackers.
“There’s nothing like skull and crossbones coming up on the CEO’s desktop to let them know how vulnerable they are,” he said.
Secretary of Commerce Gina Raimondo said the department is committed to funding solutions to technology threats, and President Joe Biden in May signed an executive order to improve U.S. cybersecurity capabilities.
Last month, Biden spoke with Russian President Vladimir Putin in Geneva, warning him of cyber-attacks, including ransomware, stating that if the Russian government continues to violate basic norms, the United States will respond in a way that serves as a deterrent. It is believed that the Russians were behind at least the SolarWinds hack.