Senate passes cybersecurity act forcing critical infrastructure orgs to report cyberattacks, ransom payments

The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. 

The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee. 

The act combines pieces of the Cyber Incident Reporting Actthe Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act — all of which were authored by Peters and Portman and advanced out of committee before floundering. 

Ukraine Crisis

The 200-page act includes several measures designed to modernize the federal government’s cybersecurity posture, and both Peters and Portman said the legislation was “urgently needed” in light of US support for Ukraine, which was invaded by Russia last week. 

“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government. As we have seen repeatedly, these online attacks can significantly disrupt our economy – including by driving up the price of gasoline and threatening our most essential supply chains –

Read More: