FireEye CEO Kevin Mandia
FireEye CEO: Digital currency enables cybercrime
06:43 - Source: CNNBusiness
CNN  — 

US lawmakers are preparing legislation that would require a vast range of public and private entities to alert the government within 24 hours of a cybersecurity breach, following a wave of ransomware attacks that have threatened the nation’s economic and national security.

The bipartisan draft by Sens. Mark Warner, a Virginia Democrat; Marco Rubio, a Florida Republican; and Susan Collins, a Maine Republican, reflects a renewed effort by Congress to pass long-awaited federal rules surrounding cybersecurity breach notifications. There is currently no single federal standard, which critics have said for years is a hindrance to protecting the nation from cyberattacks.

Warner is the chair of the Senate Intelligence Committee, Rubio is the panel’s top Republican and Collins has been involved in the push to craft comprehensive federal cybersecurity legislation since at least 2012.

The bill circulating in Washington, obtained by CNN, would apply to US government agencies, as well as federal contractors and critical infrastructure owners and operators, such as businesses in the manufacturing, energy and financial services sectors. Industry representatives and trade groups have already received copies of the discussion draft.

Those entities would be required to issue breach reports to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, according to the discussion draft. The legislation would direct the agency to establish a secure mechanism to receive the reports.

The bill includes liability protections for companies that submit breach notification reports, which cybersecurity experts have said is critical to ensuring that businesses are not afraid to come forward to disclose breaches and to help US officials bolster the nation’s cybersecurity.

Some industries are already under stricter reporting requirements. The Transportation Security Administration, for example