U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure

This week, U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government agencies, contractors, and operators of critical infrastructure to report cyber incidents to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours. The bill is a response to incidents like the SolarWinds and Colonial Pipeline hacks, which have put a fresh spotlight on the national security implications of cyber incidents and the need for greater information sharing. It expands on efforts by the Biden administration, such as the Executive Order on Improving the Nation’s Cybersecurity, to implement more expansive cyber breach notification requirements for entities that do business with the federal government. The bill, known as the Cyber Incident Notification Act of 2021, which has been previewed in the press for some time, has broad bipartisan and industry support and a strong chance of being enacted by Congress.

Read the full client alert.