Senate Passes Cybersecurity Act Requiring Mandatory Cyberattack Reporting and More

Last Tuesday, the Senate passed new cybersecurity legislation regarding reporting of cyberattacks to the Cybersecurity Infrastructure Security Agency (CISA). Essentially, the legislation forces critical infrastructure organizations to report cyberattacks to the CISA within 72 hours and ransomware payments within 24 hours. The act, which they’re calling the Strengthening American Cybersecurity Act, was passed by unanimous consent. You can read the full bill here.

What does the act include? Let’s break it down somewhat simply: 

• Length: 200-page document
• Content: Combination of pieces from the following legislation:
  • Cyber Incident Reporting Act
  • Federal Information Security Modernization Act of 2021 
  • Federal Secure Cloud Improvement and Jobs Act
• Goals:
  • Modernize the federal government’s cybersecurity posture.
  • Ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks.
  • Update the threshold for agencies to report cyber incidents to Congress and give CISA more authority to ensure it is the lead federal agency in charge of responding to such incidents.

The act is a bi-partisan bill with hopes of inspiring early reporting to improve public and private cybersecurity protection. New vulnerabilities are discovered daily, and this act will play a key role in combating the ever-changing and evolving cybersecurity landscape in the United States.

If you are ever concerned you’ve been a cyberattack victim, contact your IT security team and the authorities ASAP. Per this new legislation, these parties will assist in making sure the correct agencies are informed of the attack. Let’s chat if PK Tech can help your organization as you prioritize IT security in 2022. Get in touch with us here.