Two senators this week floated the idea of a mandatory reporting requirement for cyberattacks in the US. Both Democrats and Republicans appeared open to the idea. Among other suggestions, senators mentioned creating a public-private entity to handle reports, coordinating with law enforcement on attacks, and possibly providing liability protection for victim companies that report attacks.
These are very preliminary ideas, not formal legislative proposals. They were raised in the context of a hearing to investigate the hack on SolarWinds, which affected multiple federal agencies and national security entities. There would be quite a lot of work required -- and presumably a lot of resistance among the business community -- if the US were to consider mandatory reporting legislation. Nevertheless, this kind of proposal is an indication that Congress is paying attention to cyber issues and may be open to new approaches.