Bill addresses critical infrastructure cyber attack reporting

A pair of lawmakers have introduced a bill they said requires critical infrastructure owners and operators to report cyber attacks to the Cybersecurity and Infrastructure Security Agency (CISA).

Officials said the Cyber Incident Reporting Act, presented by Sens. Gary Peters (D-MI) and Rob Portman (R-OH), also seeks to have most entities report if they make a ransomware payment.

“The scourge of cyber-attacks that have disrupted the lives of countless Americans shows we are facing a crisis we are not fully prepared to address,” Peters said. “When entities — such as critical infrastructure owners and operators — fall victim to network breaches or pay hackers to unlock their systems, they must notify the federal government so we can warn others, prepare for the potential impacts, and help prevent other widespread attacks.”

Peters noted the measure would help deter future attacks, combat cybercriminals and provide accountability for infiltrating domestic networks.

“As cyber and ransomware attacks continue to increase, the federal government must be able to quickly coordinate a response and hold these bad actors accountable,” Portman said. “This bipartisan bill will give the National Cyber Director, CISA, and other appropriate agencies broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation and warning to critical infrastructure and others of ongoing and imminent attacks. This bill strikes a balance between getting information quickly and letting victims respond to an attack without imposing burdensome requirements.”