Intel leaders push for breach notification law

The leaders of the nation’s intelligence agencies on Wednesday joined bipartisan members of the Senate Intelligence Committee in pushing for measures to encourage the private sector to report breaches and to deter malicious hackers from attacking critical infrastructure.

The discussion came as Congress is under increasing pressure to act after the discovery of both the SolarWinds hack, in which likely Russian hackers compromised nine federal agencies, and new vulnerabilities in a Microsoft email application exploited by a Chinese state-sponsored hacking group to breach thousands of companies.

Leaders ‘troubled’: “We are troubled in terms of being able to understand the depth and breadth of an intrusion based upon the fact that, for a number of good reasons, some of them obviously legal, that much of the private sector does not share this information readily,” Gen. Paul Nakasone, the director of the National Security Agency and commander of U.S. Cyber Command, testified during the Senate Intelligence Committee’s annual worldwide threats hearing.

Both Director of National Intelligence Avril Haines and FBI Director Christopher Wray also argued in favor of breach notification legislation, particularly following the SolarWinds hack. The breach was first discovered and reported publicly by cybersecurity group FireEye, not the federal government, something FireEye had no legal requirement to do.

Wray specifically zeroed in on concerns around the Chinese government’s nefarious efforts to compete with the United States, noting that his agency opens an investigation connected to China every 10 hours.

The intelligence leaders and lawmakers also discussed a wide array of threats at the annual hearing, including domestic terrorism and online disinformation. The House Intelligence Committee will host the same leaders during its worldwide threats hearing on Thursday.