The U.S. Senate unanimously passed the “Strengthening American Cybersecurity Act” on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the United States. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours.
Furthermore, affected organizations should preserve relevant data and promptly share updates to a previously submitted covered cyber incident report. If substantially new or different information becomes available, or if any of the covered entities make a ransom payment after submitting a covered cyber incident report.
The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act (CIRA), the Federal Information Security Management Act (FISMA), and the Federal Secure Cloud Improvement and Jobs Act (FSCIJA). While FISMA incorporates more effective cybersecurity practices, FSCIJA aims to accelerate the deployment of cloud computing products and services, drive strong adoption of secure cloud capabilities, create jobs, and reduce dependency on legacy information technology.
The reporting requirements were introduced in the Senate after several high-profile cybersecurity and ransomware incidents put pressure on lawmakers to better protect critical infrastructure, and discourage attacks. Last May, a ransomware attack on Colonial Pipeline made the company to shut down thousands of miles of pipeline and led to increased prices and gas shortages. That incident was followed several weeks later by a cyberattack on a major US meat producer, highlighting the impact ransomware can have on vital services in the United States.
The legislation has been approved by the Senate and needs to be passed by the House, before it is officially signed into law. In September 2021, United States Senator Rob Portman said that as cyber and ransomware attacks continue to increase, the federal government must quickly coordinate a response and hold these bad actors accountable.
Democratic Sen. Gary Peters of Michigan said that as our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government. He was the lead author on the package of bills, said in a statement, noting that online attacks can disrupt the economy, drive up gasoline prices and threaten supply chains.
“This bipartisan bill will give […] broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks.”