Senators introduce bill to require some cyber incident reporting

Leaders of the Senate Intelligence Committee and other bipartisan lawmakers on Wednesday formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches following months of escalating cyberattacks.

The Cyber Incident Notification Act would require federal agencies, government contractors and groups considered critical to national security — such as hospitals, utilities, financial services and information technology groups — to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.

The bill would grant liability protections to groups that report breaches, along with anonymizing personal information of the companies involved in the incidents in order to encourage reporting.

The bill is primarily sponsored by Senate Intelligence Committee Chairman Mark Warner (D-Va.), Vice Chairman Marco Rubio (R-Fla.) and committee member Susan Collins (R-Maine), with the measure circulating in the Senate and among stakeholders in draft format over the last month.