Lawmakers moving on cyber incident-reporting bills; industry hopes to nudge discussion away from regulatory mandates

Members of Congress are moving toward a legislative push for mandatory cyber-incident reporting by critical infrastructure operators, while industry groups are beginning to shape their arguments against establishing such a regulatory requirement in response to the SolarWinds and Microsoft Exchange hacks.

A source close to the House Homeland Security Committee told Inside Cybersecurity: “We’re in the process of developing legislation that will require critical infrastructure owners and operators to report certain cybersecurity incidents to CISA for purposes of building CISA’s...