The bipartisan legislation led by Sens. Mark Warner, D-Va., Marco Rubio, R-Fla., and Susan Collins, R-Maine, follows a series of cyberattacks in recent months on private and federal entities, including the 2020 SolarWinds hack, which put hundreds of agencies and companies at risk, and the Colonial Pipeline ransomware attack that led to a temporary gas shortage along the East Coast in May.
"Cyberattacks against American businesses, infrastructure and government institutions are out of control," Rubio, vice chairman of the committee, said in a Wednesday statement. "The U.S. government must take decisive action against cybercriminals and the state actors who harbor them. It is also critical that American organizations act immediately once an attack occurs."
Rubio added that if government entities ensure "prompt notification" of an incident, it will "help protect the health and safety of countless Americans and will help our government track down those responsible."
There is currently no federal requirement for when agencies must report cybercrime incidents.
The Cyber Incident Notification Act of 2021, which has 12 bipartisan cosponsors, would offer limited immunity to entities that report cyberattacks and direct the Cybersecurity and Infrastructure Security Agency (CISA) to help protect personal information at risk of exposure.
"The SolarWinds breach demonstrated how broad the ripple effects of these attacks can be, affecting hundreds or even thousands of entities connected to the initial target," Warner, chairman of the committee, said, adding that the country needs "a routine federal standard so that when vital sectors of our economy are affected by a breach, the full resources of the federal government can be mobilized to respond to and stave off its impact."