A US bill that would require critical infrastructure operators to report cyber attacks within 72 hours is headed to President Joe Biden’s desk to be signed into law.
The bill was passed by Homeland House late Wednesday night while the Senate approved the final legislation the following day. The bill is similar to an earlier provision bill that was unanimously cleared by the Senate earlier this month.
In the new bill, the law would require critical infrastructure owners and operators to report a substantial cybersecurity incident to CISA within 72 hours and within 24 hours of making a ransomware payment.
The provision also gives CISA the authority to summon anyone that fails to report cyberattacks or ransomware payments.
According to a statement by the lawmakers, “the new reporting requirements will better prepare the US against possible cyber threats from Russia in retaliation for sanctions and support for Ukraine”.
CISA director Jen Easterly applauded lawmakers’ actions and said the new legislation will give her agency better data and visibility to help it protect critical infrastructure.
“This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims,” Easterly added.
This article was earlier reported by theregister.com