Companies urge action at SolarWinds hearing

Top executives from Microsoft and FireEye on Tuesday urged Congress to create mandatory breach reporting requirements for companies following the massive Russian hack of the federal government that extended to the private sector.

“We need to impose a clear, consistent disclosure obligation on the private sector,” Microsoft President Brad Smith said in written testimony to the Senate Intelligence Committee, noting that “silence reigns” when companies are hacked.

FireEye CEO Kevin Mandia, whose company was credited with shining an early light on what has become known as the SolarWinds breach, said there should be a way for companies to report breaches with potential national security ramifications without fear of legal retribution.

“The U.S. government should consider a federal disclosure program for not only sharing threat indicators but for also providing notification of a breach or incident,” Mandia said in written testimony.