On Tuesday, the US Senate unanimously approved a new Cybersecurity Act said to increase the security of critical infrastructure in the country.
The legislation was introduced on Feb. 8 by Senators Rob Portman and Gary Peters one of the chief sponsors of the bill who chairs the Homeland Security Committee.
According to legislators, critical infrastructure organizations will be forced to report ransomware payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA) and cyber incidents within 72 hours.
In addition, organizations impacted by cyberattacks must preserve and promptly share relevant data with the authorities by updating a “previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report.”
The newly approved act consists of several measures to strengthen the federal government’s cybersecurity infrastructure. It comprises pieces of three different bills, all authored by Peters and Portman:
- Cyber Incident Reporting Act (CIRA)
- Federal Secure Cloud Improvement and Jobs Act (FSCIJA)
- Federal Information Security Management Act (FISMA)
Although the 200-page “Strengthening American Cybersecurity Act” has been approved by the Senate, it still needs to be passed by the House to officially be signed into law.
Portman said adopting the legislation is crucial in light of US support for Ukraine, expressing concern over the country facing “increased cyber & ransomware attacks from Russia.”
“This bipartisan legislation will work to hold these bad actors accountable and enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks,” Portman explained in a tweet.