Senate Homeland Security and Governmental Affairs Committee Chair Gary Peters (D-MI) and Ranking Member Rob Portman (R-OH) have released a bill requiring critical infrastructure owners and operators to report cyber attacks to the government within 72 hours. Another bill is expected which will also require federal agencies and contractors to report incidents. A new Cyber Incident Review Office within CISA would collect and analyze the reports, and issue alerts about threats. A similar measure is found in the NDAA bill newly passed by the House.
If the bill is enacted, organizations with more than 50 employees would be required to consider alternatives to paying ransomware demands, and report it to CISA if they do. CISA would be able to issue subpoenas to organizations that don’t comply with requirements to report incidents or ransomware payments. Those that fail to comply could be referred to the Department of Justice and potentially barred from federal contracting.
Source:
- Federal News Network: Senators Release Cyber Incident Reporting Bill, Preview FISMA Reforms