March 30, 2022 By Jonathan Reed 2 min read

Federal agencies and critical infrastructure owners and operators may need to change how they respond to cyber attacks. The U.S. Congress passed new legislation mandating they report attacks within 72 hours. In addition, it requires them to report ransomware payments within 24 hours.

Provision impacts 16 critical infrastructure sectors

This new federal legislation was also influenced by the ongoing war in Ukraine. The Strengthening American Cybersecurity Act was first approved by the Senate in early March. Later, house lawmakers packaged the reporting clause into a larger omnibus spending bill. The Senate also passed this by a large margin earlier this month. The new bill now awaits President Joe Biden’s signature for approval.

The legislation targets organizations across 16 federally designated critical infrastructure sectors, including energy, financial, manufacturing and health care services. The larger omnibus bill includes some $14 billion in emergency assistance to Ukraine in its defense against Russia, with lawmakers often citing the rise of cyber threats in the conflict.

The provision includes further assistance for the departments of Defense, State, Justice, Treasury, Commerce and others. They will receive technological and continuity-of-government aid, which includes IT infrastructure and cybersecurity services.

Bipartisan support during Ukraine conflict

U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), chairman and ranking member of the Homeland Security and Governmental Affairs Committee, authored the bipartisan mandate.

In a statement, Senator Peters said, “Critical infrastructure operators defend against malicious hackers every day, and right now, these threats are even more pronounced due to possible cyber attacks from the Russian government in retaliation for our support of Ukraine. It’s clear we must take bold action to improve our online defenses. This provision will create the first holistic requirement for critical infrastructure operators to report cyber incidents so the federal government can warn others of the threat, prepare for widespread impacts and help get our nation’s most essential systems back online so they can continue providing invaluable services to the American people.”

If signed by President Biden, the legislation would amend federal government cybersecurity laws to strengthen teamwork between federal agencies, require the federal government to adopt a risk-based approach to cybersecurity and require civilian agencies to report all cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within strict time limits. It would require reporting of cyber incidents to be completed within 72 hours and ransomware payments within 24 hours.

The provision also gives CISA the authority to subpoena entities that fail to report cyber attacks or the payment of ransomware. Meanwhile, it will oblige CISA to sponsor a program to alert agencies of exploitable vulnerabilities connected with ransomware. CISA Director Jen Easterly will establish a joint ransomware task force to organize the federal efforts.

Cybersecurity game changer

Commenting on the passage of the mandate, Easterly took to Twitter to say, “Thrilled to see that the cyber incident reporting legislation has passed! This bill is a game-changer & a critical step forward for our Nation’s cybersecurity. As the nation’s cyber defense agency, it will help @CISAgov better protect our networks & critical infrastructure.”

Easterly also commented that CISA will use incident reporting to render assistance to victims suffering attacks, analyze reporting to spot trends across sectors and quickly share information with network defenders to warn potential victims and help prevent further attacks.

More from News

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Has BlackCat returned as Cicada3301? Maybe.

4 min read - In 2022, BlackCat ransomware (also known as ALPHV) was among the top malware types tracked by IBM X-Force. The following year, the threat actor group added new tools and tactics to enhance BlackCat's impact. The effort paid off — literally. In March 2024, BlackCat successfully compromised Change Healthcare and received a ransom payment of $22 million in Bitcoin. But here's where things get weird: Immediately after taking payment, BlackCat closed its doors, citing "the feds" as the reason for the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today