BankInfoSecurity.com reported the new US law “will require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency if they experience a substantial cyberattack (report due within 72 hours of the attack) or if they make a ransomware payment (report dues within 24 hours of the payment).” The March 11, 2022 article entitled “US Congress Passes Cyber Incident Reporting Mandate” included these comments about high profile Cyber attacks:
The passage comes after cybercriminals last year breached the network of Colonial Pipeline, forcing the company to shut down 5,500 miles of pipeline and causing increased prices and panic buying among consumers on the East Coast. Over the holiday season, threat researchers at Alibaba detected a widespread flaw in Apache’s logging library – Log4j – embedded in hundreds of millions of systems worldwide.
And with Russian President Vladimir Putin continuing his military offensive in Ukraine – advancing troops toward major population centers and increasingly striking civilian targets – U.S. cyber officials have long warned that Moscow could retaliate against sanctions and activate its hackers to infiltrate U.S. or NATO-member networks. The fears prompted CISA to issue a “Shields Up” warning to U.S. organizations – urging additional resource allocation to cyber defense.
Please stay tuned to see how the reporting works out!