By Shardul Desai, Joel Roberson and Marissa Serafino (March 30, 2022, 5:29 PM EDT) — After years of debate, Congress has passed bipartisan legislation requiring owners and operators of critical infrastructure to report cyber incidents to the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency, or CISA, within 72 hours, and ransomware payments within 24 hours.
The Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA, was included in the fiscal year 2022 omnibus appropriations bill. The U.S. House of Representatives approved the spending bill on March 9, and the U.S. Senate approved it on March 11. President Joe Biden signed the bill into law on March 15.
The cyber reporting provision, Division Y, in the appropriations…