October 23, 2021
Senate Homeland Security panel approves incident reporting bill with changes to ransomware requirement, liability protection
The Senate Homeland Security Committee approved bipartisan legislation by voice vote today to establish a mandatory cyber incident reporting regime for critical infrastructure operators, during a contentious markup session where GOP members raised concerns over a 24-hour ransomware reporting requirement impacting small businesses.
The bill requires “critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a cyber-attack,” according to a release last week from committee leaders.
The committee voted to change language...