US Congress Approves Strengthening American Cybersecurity Act
Federal agencies and critical infrastructure owners and operators may need to change how they respond to cyber attacks. The U.S. Congress passed new legislation mandating they report attacks within 72 hours. In addition, it requires them to report ransomware payments within 24 hours.
This new federal legislation was also influenced by the ongoing war in Ukraine. The Strengthening American Cybersecurity Act was first approved by the Senate in early March. Later, House lawmakers packaged the reporting clause into a larger omnibus spending bill. The Senate also passed this by a large margin earlier this month. The new bill now awaits President Joe Biden’s signature for approval.
The legislation targets organizations across 16 federally designated critical infrastructure sectors, including energy, financial, manufacturing and health care services. The larger omnibus bill includes some $14 billion in emergency assistance to Ukraine in its defense against Russia, with lawmakers often citing the rise of cyber threats in the conflict.
The provision includes further assistance for the departments of Defense, State, Justice, Treasury, Commerce and others. They will receive technological and continuity-of-government aid, which includes IT infrastructure and cybersecurity services.
U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), chairman and ranking member of the Homeland Security and Governmental Affairs Committee, authored the bipartisan mandate.
In a statement, Senator Peters said, “Critical infrastructure operators defend against malicious hackers every day, and right now, these threats are even more pronounced due to possible cyber attacks from the Russian government in retaliation for our support of Ukraine. It’s clear we must take bold action to improve our online defenses. This provision will create the first holistic requirement for critical infrastructure operators to report cyber incidents so the federal government can warn others of the threat, prepare for widespread impacts and help get our nation’s most essential systems back online so they can continue providing invaluable services to the American people.”
If signed by President Biden, the legislation would amend federal government cybersecurity laws to strengthen teamwork between federal agencies, require the federal government to adopt a risk-based approach to cybersecurity and require civilian agencies to report all cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within strict time limits. It would require reporting of cyber incidents to be completed within 72 hours and ransomware payments within 24 hours.
The provision also gives CISA the authority to subpoena entities that fail to report cyber attacks or ransomware payments. Meanwhile, it will oblige CISA to sponsor a program to alert agencies to exploitable vulnerabilities connected with ransomware. CISA Director Jen Easterly will establish a joint ransomware task force to organize the federal efforts.
Commenting on the passage of the mandate, Easterly took to Twitter to say, “Thrilled to see that the cyber incident reporting legislation has passed! This bill is a game-changer & a critical step forward for our Nation’s cybersecurity. As the nation’s cyber defense agency, it will help @CISAgov better protect our networks & critical infrastructure.”
Easterly also commented that CISA will use incident reporting to render assistance to victims suffering attacks, analyze reporting to spot trends across sectors and quickly share information with network defenders to warn potential victims and help prevent further attacks.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…