Critical infrastructure entities and federal agencies will have to report significant cyber incidents to CISA within 72 hours and ransomware attacks within 24 hours under legislation passed by the House that will likely become law.

The U.S. House of Representatives has passed key provisions of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which would require critical infrastructure operations to alert the government when they are hacked or pay a ransom to threat actors. It is part of the $1.5 trillion omnibus spending bill passed by the House on Wednesday, which funds the federal government for the rest of the year.

The incident report provisions contained in the Act, part of the broader Strengthening American Cybersecurity Act, failed to become law last year but passed the Senate unanimously on March 1.

This article appeared in CSO Online. To read the rest of the article please visit here.