CEOs, Senators discuss mandating cyber-attack disclosures
Following the SolarWinds attack, it's clear there needs to be more information sharing and better public-private sector coordination, lawmakers and tech leaders agreed in a Senate hearing Tuesday. The federal government should consider imposing reporting requirements on entities that fall victim to cyber intrusions, they said.
Testifying at the Senate Intelligence Committee hearing, Microsoft President Brad Smith said it's time to impose a "notification obligation on entities in the private sector."
It's "not a typical step when somebody comes and says, 'Place a new law on me,'" he told lawmakers. "I think it's the only way we are going to protect the country." Both Committee Chairman Mark Warner (D-Va.) and Vice Chairman Marco Rubio (R-Fla.) agreed that Congress should consider mandating certain types of reporting, potentially with some limited liability protection.