A recently introduced legislative package whose goal is to strengthen the cybersecurity of critical infrastructure and government networks has passed in the Senate as the U.S. is increasingly concerned about Russian cyberattacks.
As Russia is attempting to invade Ukraine, a war is also taking place in cyberspace and the United States and its allies are concerned that Russia could step up its cyberattacks. Threat groups linked to Moscow have mostly focused on cyberespionage when targeting the West, but they have been known to launch destructive attacks in other parts of the world.
Last month, U.S. senators Gary Peters (D-MI) and Rob Portman (R-OH) introduced a package named Strengthening American Cybersecurity Act of 2022, which combines three bills introduced in the fall of 2021, including the Cyber Incident Reporting Act.
This bill requires critical infrastructure owners and operators, as well as civilian federal agencies, to inform the Cybersecurity and Infrastructure Security Agency (CISA) of any significant cyberattack within 72 hours.
CISA would also have to be informed — by almost every organization — about any ransomware payment, within 24 hours. The cybersecurity agency would also be given additional authorities to lead incident response for federal civilian networks.
“At a time when we are facing significant threats of Russian cyberattacks against our institutions and our allies, it’s more important than ever that the government have an idea of what those threats are. I am glad the Senate has passed our bipartisan cyber incident reporting bill, and I look forward to working with my colleagues in the House to get a final version of this legislation to the president’s desk as soon as possible,” Sen. Mark Warner, chairman of the Senate Select Committee on Intelligence, said after the Senate passed the bill.
Senate Majority Leader Chuck Schumer said the bill will help protect the United States against “Putin’s attempted cyberattacks.” Schumer noted that the legislation has been around for a while, but “certain business interests opposed it” until now.
“There has been a reluctance on the part of many in the business community to want to do this, because it may expose them to other kinds of harm and maybe the public will not want to be involved in these businesses. But the importance of the reporting is vital,” Schumer said. “When our authorities in the government know of the attacks, they can prepare against future attacks: they will know who is attacking, where they’re attack, how they’re attacking, and that will allow them to strengthen our defenses against future cyberattacks.”
President Joe Biden last year signed an executive order that represents the foundation for several cybersecurity initiatives, including some that have recently come to fruition. These include a memorandum focused on boosting the cybersecurity of National Security Systems, a federal zero trust strategy, and the DHS’s Cyber Safety Review Board (CSRB).
Related: Experts Analyze Proposed Bill Allowing Private Entities to ‘Hack Back’
Related: House Passes Several Critical Infrastructure Cybersecurity Bills
Related: House Passes Two Bills to Improve Small Business Cybersecurity