Incident reporting, ransomware payment legislation faces trouble in Senate - CyberScoop

Written by Nov 24, 2021 | CYBERSCOOP

Legislation requiring critical infrastructure owners to report major cyber incidents to the federal government, and mandating that ransomware victims disclose when they make payments, has hit a significant snag in the Senate.


A bipartisan group of senators announced a proposal in November that would require critical infrastructure owners and operators to report within 72 hours to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency when they suffer major cyber incidents, as defined by CISA. It also would require reporting of ransomware payments to CISA from a broader set of organizations, excluding only individuals and some smaller businesses, within 24 hours.


Advocates hope that by requiring swift reporting of major incidents, federal officials can help reduce the damage more quickly. Gathering intelligence about ransomware payments would help law enforcement and national security officials understand and act on digital extortion trends, officials say.


Backers were unable to advance the proposal last week for inclusion in the annual defense policy bill, amid Republican objections. Now, one GOP lawmaker is advancing an alternative proposal that he argues will be less burdensome for businesses that would have to report ransomware payments under the legislation.


Aides say negotiations over the legislation continue in a bid to ease passage of the incident reporting and ransomware payment bill via the fiscal 2022 National Defense Authorization Act (NDAA), a measure that Congress has passed for 60 consecutive years. The snag isn’t necessarily insurmountable, but the oft-sluggish nature of Senate procedure makes it potentially difficult to reac ..
