US Congress Passes Cyber Incident Reporting Mandate

After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments has passed both chambers of Congress and now heads to President Joe Biden's desk. The provision, originally authored by leaders of the Senate Homeland Security and Governmental Affairs Committee - Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio - will require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency if they experience a substantial cyberattack (report due within 72 hours of the attack) or if they make a ransomware payment (report dues within 24 hours of the payment).

Read more about it here.