Senate Bill Requires Critical Infrastructure Organisations To Report Cyberattacks – Security Expert Comments

By   ISBuzz Team
Writer , Information Security Buzz | Sep 30, 2021 01:25 am PST

BACKGROUND:

The U.S. Senate has just introduced a bipartisan bill that requires critical infrastructure operators, such as banks and energy companies, to report cyberattacks within 72 hours. 

Other organisations such as state and local governments and businesses with more than 50 employees would also be required to report any ransoms paid following an attack to the federal government within 24 hours of payment.

Top security officials CISA Director Jen Easterly and National Cyber Director Chris Inglis attended a committee hearing last week to support a draft version of the measure.

The Senate bill comes after the House of Representatives passed a similar measure in fiscal 2022 National Defense Authorisation Act (H.R. 4350) on September 23. The House bill, however, does not require ransomware payments to be reported.