New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

5 years ago Tripwire Guest Authors
A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts.

The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year.

If passed, the bill could require certain U.S. businesses to do much more to protect their customers’ data, and it may levy serious penalties against businesses that fail to act.

What We Know About the Draft Bill

Senator Warner previewed the bill during an Axios event on cybersecurity. Joined by experts on cybersecurity policy, Warner laid out his vision for more effective cybersecurity legislation.

“Congress needs to act … We are working on a bill that would require mandatory reporting if you are a critical infrastructure company or a federal government contractor or the government itself … What we have right now is simply voluntary reporting.”

The text of the draft bill, while not publicly available yet, has been obtained by a number of major news networks including Politico and CNN.

The bill would apply to government agencies, federal contractors, and “critical infrastructure owners and operators” including businesses involved in manufacturing, energy production, and financial services.

In addition to the 24-hour reporting requirement, businesses would also be required to continue sharing information for a 72-hour period after the breach is reported.

The move follows a number of high-profile cyberattacks on essential U.S. infrastructure including the Colonial Pipeline breach, an event which took down the largest fuel pipeline in the United States and caused fuel shortages across the East Coast. If passed, the legislation would join a growing number of cybersecurity rules and regulations.

The U.S. Cyberspace Solarium Commission and Department of Defense have also pushed for more effective cybersecurity policies in the government and in federal contractors that work closely with the government.

There is currently no federal standard on cybersecurity breach notifications, which defense experts say has prevented the country from effectively defending itself against cyberattacks.

What the Bill Requires From Businesses

For businesses that are already beholden to stricter reporting laws — including U.S. pipeline companies, which are required by DHS to report breaches within 12 hours — the bill may not have that much of an impact if passed. The stricter guidelines would take precedence over the more lax 24-hour reporting rule.

For many other businesses, however, it could significantly change how they are required to monitor and respond to data breaches and to similar cybersecurity incidents.

The draft bill, according to reporting from CNN, would require essential businesses to report data breaches directly to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA). The legislation would require CISA to create a secure mechanism allowing the agency to receive these reports within 180 days of the bill becoming law.

The bill includes liability protections for businesses that come forward with data breach reports, immunizing them from lawsuits related to potentially embarrassing data released as part of that report.

Cybersecurity experts have said that these protections are essential to avoid discouraging companies from coming forward once they recognize a breach.

The bill also directs DHS to develop additional definitions and requirements that will make implementing the law possible.

How the Bill May Impact Businesses

If a business detects a breach and fails to report it to DHS, that business could face steep penalties depending on whether it is covered under the bill and has federal contracts.

Businesses covered under the bill without federal contracts will be subject to a penalty “equal to 0.5% per day of the entity’s gross revenue from the prior year.”

For businesses covered under the bill with government contracts, the draft bill itself does not specify penalties. Instead, it directs the Administrator of the General Services Administration to determine penalties, which may include removal from federal contracting schedules.

Federal agencies that violate the law will be referred to the inspector general for that agency, likely triggering an inspection of the agency.

The bill itself does not specify when breaches must be reported. Instead, it requires CISA to create rules specifying which breaches businesses need to report.

At a minimum, however, businesses will need to report breaches involving foreign actors, ransomware attacks, incidents that endanger national security, and a number of other incidents likely to be “of significant national consequence.”

Washington’s Push for New Cybersecurity Laws

It isn’t clear how much support there is for the bill in Congress, but there has been bipartisan support for new cybersecurity measures so far this year.

A significant amount of cybersecurity legislation has been recently introduced to Congress — including one bipartisan bill that would give states $500 million to bolster their cyber defenses.

Similar legislative activity can be seen at the state level, as well, according to the National Conference of State Legislatures. To date, 45 states and Puerto Rico have introduced more than 250 bills or resolutions that “deal significantly with cybersecurity.”

Recent executive orders on cybersecurity suggest the Biden administration is also ready to take action on cybersecurity.

As of June 30th, the bill hasn’t been introduced yet and will have to take a long path through Congress before being signed into law.

However, because there is so much interest in cybersecurity right now — due in part to high-profile breaches like the Colonial Pipeline hack — businesses that may be impacted by the bill should pay close attention to its movement through Congress.

If passed, the bill would have a serious impact on expectations of how businesses should deal with reporting in the wake of a data breach.

Businesses Should Prepare for Stricter Cybersecurity Legislation

In any case, there is a growing bipartisan movement to improve the nation’s cybersecurity defenses and cybersecurity policy.

Along with other data-protection bills — like the IoT cybersecurity bill that was signed into law last year as well as state-level bills like the California Consumer Privacy Act (CCPA) — a number of cybersecurity bills will likely be debated in Washington this year.

Businesses should be aware of state and federal efforts to bolster cyber defenses and bills that could levy serious penalties against businesses that fail to properly disclose data breaches.


About the Author: Devin Partida is a cybersecurity and data privacy writer whose work is regularly featured on Yahoo! Finance, Entrepreneur, AT&T’s cybersecurity blog, and other well-known industry publications. She is also the Editor-in-Chief of ReHack.com.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “New Bill Could Force U.S. Businesses to Report Data Breaches Quicker” appeared first on TripWire.

Source: TripWire – Tripwire Guest Authors
