Biden signs cyber incident reporting bill into law

Irina Baranova

President Joe Biden on Tuesday signed into law a $1.5 trillion government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment.

Biden signed the legislation during a White House ceremony that was attended by administration officials and top Democratic lawmakers, including including House Speaker Nancy Pelosi (Calif.), Senate Majority Leader Chuck Schumer (N.Y.).

The Strengthening American Cybersecurity Act — which was attached to the spending deal that keeps the federal government open until September — requires that critical infrastructure operators alert the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a breach and 24 hours if the organization made a ransomware payment. It also grants CISA the power to subpoena entities that don’t report a cyber incident or ransomware payment. 

The measure becoming law is a complete reversal from only a few months ago when it was stripped from the annual defense policy bill.

CISA will have up to two years to publish a notice in the Federal Register on proposed rulemaking to implement the reporting effort, though it may move faster due to heightened concerns about Russian cyberattacks bleeding out of Moscow’s invasion of Ukraine.

“This historic, new law will make major updates to our cybersecurity policy to ensure that, for the first time ever, every single critical infrastructure owner and operator in America is reporting cyber-attacks and ransomware payments to the federal government,” Senate Homeland Security Committee Chair Gary Peters (D-Mich.), who authored and championed the legislation along with Sen. Rob Portman (R-Ohio), said in a statement.

Portman, the panel’s top Republican said the legislation will “give the National Cyber Director, CISA, and other appropriate agencies broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks.”

Correction: An earlier version of this story misstated the size of the funding bill — it is $1.5 trillion, not $1.5 million.

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication’s cybersecurity newsletter.


https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law/

Next Post

A remarkable, first-time film course tackles the criminal justice system

The assignments in UC Santa Cruz Film Professor Sharon Daniel’s two-quarter undergrad course, FILM 171S-02, are not your typical film school fare. This course, titled Reasonable Doubts: Making an Exoneree, aims for nothing less than to free wrongfully convicted persons currently incarcerated in American prisons. Now underway and in its […]