The U.S. Senate unanimously passed the “Strengthening American Cybersecurity Act” on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country.
The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours.
Affected organizations must preserve the relevant data and share any updates to a previous submitted covered cyber-incident report “if significant new or differing information becomes available, or if the ransom payment is made after submission of a covered cyber-incident report. “
The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act (CIRA), the Federal Information Security Management Act (FISMA), and the Federal Secure Cloud Improvement and Jobs Act (FSCIJA).
While FISMA incorporates more effective cybersecurity practices, FSCIJA aims to accelerate the deployment of cloud computing products and services, and drive stronger adoption of secure cloud capabilities, create jobs, and reduce dependency on legacy information technology.
The legislation, now that it has been approved by the Senate, needs to be passed by the House before it’s officially signed into law.
” As cyber- and ransomware threats continue to rise, the federal government should be able quickly coordinate a response to these criminal actors,” stated U.S. Senator Rob Portman in September 2021.
” This bipartisan bill gives […] wide visibility into cyberattacks occurring across the nation every day to allow a whole of government response and mitigation and to warn critical infrastructure about imminent and ongoing attacks. “