Cybercrime Is on the Rise: Will the Federal Government Require Companies to Report Cyber Attacks?

On May 8, 2021, Colonial Pipeline had to shut down a 5,500-mile fuel pipeline from Texas to New Jersey after its network experienced a ransomware attack. This attack follows a long list of other, recent high-profile cyber attacks in recent months. As cyber experts and officials have noted, cybercrime has been dramatically increasing since the SolarWinds attack, targeting critical infrastructure such as hospitals, manufacturers, and government entities. Companies are often hesitant to disclose information about security incidents, frequently making it difficult to gauge the timeframe and scope of a cyberattack and making it even more challenging to keep networks secure.

As a result of the SolarWinds security incident, the US Senate Select Committee on Intelligence is working on a bill that requires a limited form of mandatory reporting for the private sector when they experience a cyber attack. The goal of the legislation is to create an early warning system for foreign cyberattacks on critical organizations. The SolarWinds cyberattack, which compromised several federal agencies, is believed to have been carried out by Russian hackers, and the FBI has confirmed that a Russian cybercrime gang named DarkSide compromised Colonial Pipeline’s network. Listen to Privacy, Cybersecurity & Data Strategy partners Ron Lee and Jami Vibbert discuss the pending mandatory reporting legislation and how privacy officers and counsel can prepare for potential new requirements and compliance.