Senate Homeland Security panel approves incident reporting bill with changes to ransomware requirement, liability protection

The Senate Homeland Security Committee approved bipartisan legislation by voice vote today to establish a mandatory cyber incident reporting regime for critical infrastructure operators, during a contentious markup session where GOP members raised concerns over a 24-hour ransomware reporting requirement impacting small businesses.

The bill requires “critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a cyber-attack,” according to a release last week from committee leaders.

The committee voted to change language...