facebook linkedin twitter

Warner Contemplates Mandatory Cyberattack Reporting Bill

June 16, 2021 by Kate Michael
Sen. Mark Warner (D-Va.) speaking at The Open Markets Institute's conference in Washington, D.C., on October 11, 2018. (Michael Brochstein/Sipa USA/TNS)

WASHINGTON — The rise in profit-driven cyberattacks has prompted Senate Select Committee on Intelligence Chairman Mark Warner, D-Va., to contemplate a mandatory reporting bill so law enforcement can promptly take action on urgent threats.

Warner told Axios recently that he anticipates broad support for such upcoming legislation in light of recent events and since “our cyber vulnerabilities are now being felt by everyday Americans.”

“The Biden administration has moved aggressively, but they can only do a certain amount of things. Congress needs to act,” he said. 

The government has long been concerned about cyberattacks, like those on the Colonial Pipeline, Solar Winds, and on meat supplier JBS. But Warner suggests that now may be the time to take action since the pervasiveness of ransomware — and strikes increasing in number and scope — is starting to impact things consumers can feel.

“As these ransomware attacks’ ramp-up in volume and seriousness, it’s hitting home finally,” he said. And while people may have read about information being stolen in the past, when it impacts them directly, like with higher prices and supply chain delays, “it gets more personal.”

Warner has proposed to put forward a bill to require mandatory reporting of cyberattacks on critical infrastructure companies, federal contractors, and government agencies. 

“When we had this debate six or seven years ago, the business community did not want any additional mandatory reporting,” Warner said. “I think they now realize that they themselves are put in jeopardy if we don’t have mandatory reporting.” 

The bill could include limited immunity for businesses and methods to keep information confidential between the government and its private sector partners. 

Warner believes that mandatory reporting, both of cyber attacks and ransomware payments, could help law enforcement to take faster and better action when vulnerabilities are leveraged. 

“We’ve got to know mid-attack,” he said. “And we’ve got to set a level of international norms. This is not just a tax against American companies, the whole Irish healthcare system was shut down recently [by an attack]. 

“We need to make clear that if entities in [Russia and China] are attacking our critical  infrastructure they will pay the penalty.”

Warner said he fears that cyber threats are transitioning from simply stealing information to potentially “extraordinary destructive actions.” If instead of merely exfiltrating information, cybercriminals move to shut down systems and cripple economies, “that, to me, would be close to an act of war,” Warner said, “and we need to up our game.”

According to Warner, it won’t solve the whole problem, but “we will have a strong bipartisan incident report legislation out within the next couple of weeks.” 

Cybersecurity

November 22, 2021
by Kate Michael
Klobuchar Weighs in on CAP’s New Report on Tech Regulation

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms,... Read More

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms, introducing a number of bills and even publishing a book titled “Antitrust” that looks at the history of policy toward trusts and monopolies and details how... Read More

November 13, 2021
by Victoria Turner
US Cyber Attack Defenses Assessed at Forum

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving... Read More

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving cyber threats from bad actors overseas, a former assistant secretary of defense said Friday. Speaking at an American Enterprise Institute event, Paul Stockton, who is now... Read More

November 9, 2021
by Dan McCue
SolarWinds Sued By Shareholders Over Epic 2020 Data Breach

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors... Read More

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors should have known of, and yet did nothing to mitigate, the risk of the massive data breach that took place in 2020. The plaintiffs, led by... Read More

October 26, 2021
by Tom Ramstack
Bigger Government Role Expected to Protect Industry From Hackers

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional... Read More

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed. On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply... Read More

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

News From The Well
scroll top