US legislation brings mandatory cyberattack and ransomware reporting one step closer

The US Senate has passed legislation designed to improve the cybersecurity of the Federal Government.

The legislation, which consists of three bills, was unanimously passed by the Senate on Tuesday evening, and would – amongst other things – require organisations working in critical industry sectors to alert the US Government about hacks and ransomware attacks.

The passing of the “Strengthening American Cybersecurity Act of 2022” comes after repeated warnings to the private sector from US Government officials that it should ready itself for potential cyberattacks from Russia, in retaliation over sanctions introduced after the invasion of Ukraine.

The bipartisan legislation, which still has to pass the House before it is signed into law, demands that critical infrastructure owners – such as energy and health care facilities – and civilian federal agencies that suffer a cyber attack report it to the US Cybersecurity and Infrastructure Agency (CISA) within 72 hours. In addition, organisations deemed to operate critical infrastructure must report ransomware payments within 24 hours.

In addition, targeted organisations are required to preserve data and share updates in a prompt fashion as “substantial new or different information becomes available.”

The hope is that the sharing of information should not only help gather intelligence on who might be behind such attacks, and techniques being used by attackers, but also help defend other organisations.

“At a time when we are facing significant threats of Russian cyberattacks against our institutions and our allies, it’s more important than ever that the government has an idea of what those threats are,” explained Senate Intelligence Committee Chair Mark Warner.

Prior attempts to introduce similar legislation have stalled in the past due to what lawmakers have described as timing constraints. In addition, the FBI has previously voiced concerns that it and the Department of Justice might be cut out of the loop of mandatory incident reporting.

The recent attack on Ukraine has no doubt helped focus those who work in the Senate to push the legislation through unanimously, with the intention of better protecting the United States.

“Cyber warfare is truly one of the dark arts specialized by Putin and his authoritarian regime. And this bill will help protect us from Putin’s attempted cyberattacks against our country,” said Senate Majority Leader Charles Schumer.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post ” US legislation brings mandatory cyberattack and ransomware reporting one step closer” appeared first on TripWire

Source:TripWire – Graham Cluley