Time for a National Cyber Incident Disclosure Requirement
Visiting Fellow, Meese Center for Legal and Judicial Studies
Michael Ellis joined The Heritage Foundation’s Meese Center for Legal and Judicial Studies as visiting fellow for law and technology.
Summary
Congress can clarify the private sector’s responsibilities in the field of cybersecurity by enacting a single requirement to disclose breaches of cybersecurity to the federal government. Any legislation should provide incentives for companies to report hacks when there is still time for the government to help. Even so, a federal requirement for disclosure of cybersecurity incidents would be only a first step in the improvement of cybersecurity defense. Cybersecurity is a complex problem that will require creative thinking, significant resources, and stronger partnership between the public and private sectors in the years ahead.
Key Takeaways
Recent cyberattacks on American companies demonstrates critical weaknesses in U.S. cybersecurity defense.
Federal legislation that requires and incentivizes companies to disclose hacks would improve U.S. cybersecurity by enabling the government to help in time.
Effectively preventing and fighting cyberattacks will require creativity, significant resources, and stronger partnership between the public and private sectors.
