(CNN) The top senators on the Homeland Security Committee introduced legislation on Tuesday to require critical infrastructure companies to report cyberattacks to the federal government and to mandate that most organizations tell the federal government if they make ransomware payments.
If enacted, the bill will create the first national requirement for critical infrastructure entities to report when their systems have been breached.
Homeland Security and Governmental Affairs Chairman Gary Peters, Democrat of Michigan, and ranking member Sen. Rob Portman, Republican of Ohio, introduced the bill less than a week after several members of the Biden administration expressed public support during congressional testimony for such requirements.
The legislation would require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency within 72 hours if they are experiencing cyberattacks. Nonprofits, businesses with more than 50 employees, and state and local governments would be required to notify the federal government within 24 hours if they make ransom payments.
The bill comes after several high-profile cybersecurity and ransomware incidents earlier this year put pressure on lawmakers to better protect critical infrastructure and discourage ransomware incidents. In May, a ransomware attack on Colonial Pipeline prompted the company to shut down thousands of miles of pipeline and led to increased prices and gas shortages. That was followed by a ransomware incident on a major beef and pork producer, JBS USA, threatening the US meat supply.
"When entities -- such as critical infrastructure owners and operators -- fall victim to network breaches or pay hackers to unlock their systems, they must notify the federal government so we can warn others, prepare for the potential impacts, and help prevent other widespread attacks," said Peters in a statement.
Enforcement mechanisms are built into the legislation.
The bill would give the Cybersecurity and Infrastructure Security Agency the authority to subpoena entities that fail to report cybersecurity incidents or ransomware payments. If a business or nonprofit fails to comply with the subpoena, it can be referred to the Department of Justice and barred from contracting with the federal government.
Businesses that plan on making ransom payments will also be required to evaluate alternatives before making the payments, according to the legislation.
The federal government advises against making ransom payments, but many businesses feel they have no other choice when their systems are locked or they are threatened with data exposure.
The bill requires the Cybersecurity and Infrastructure Security Agency to launch a program that will warn organizations of vulnerabilities that ransomware actors exploit. It also directs the national cyber director to establish a joint ransomware task force to prevent and disrupt ransomware attacks.
During her first congressional hearing since taking office, Cybersecurity and Infrastructure Security Agency Director Jen Easterly called for cyber incident reporting to help victims of hacks, as well as to analyze the information and share it more broadly to see if similar intrusions are found elsewhere.
"We absolutely agree it's long past time to get cyber incident reporting legislation out there, and we're excited to work with you on this," Easterly told Peters last week.
However, Easterly said she doesn't believe that subpoena authority is "agile enough" for her agency to get the information as rapidly as possible to prevent others from falling prey to a similar attack.
Instead, she said fines should be considered for enforcement.
"I just came from four and a half years in the financial services sector, where fines are a mechanism that enables compliance enforcement," Easterly said.