Mashka | Shutterstock

A draft for a federal breach notification bill is being circulated by members of the Senate Intelligence Committee, including chair Mark Warner (D-VA), ranking member Marco Rubio (R-FL), and Susan Collins (R-ME). It would require federal agencies, federal contractors, and critical infrastructure operators to report significant cyberthreats to CISA, or face a penalty of 0.5 percent of the previous year’s gross revenue.

The 24-hour deadline it would set is dramatically shorter than the 60 days allowed to entities covered by HIPAA. Elements of an attack that would trigger the requirement include: a nation-state or recognized threat group, a threat to national security or the economy, or involvement of ransomware.

Source: