Cyber Incident Reporting by Industry Mandated in Draft Bill

Critical infrastructure operators would be required to report cyber incidents to the government’s cybersecurity agency within three days under a bipartisan bill from by House Homeland Security Committee leaders.

The draft legislation follows a large increase in cyberattacks across critical infrastructure sectors, including on energy firm Colonial Pipeline Co. and meat producer JBS SA, and increased pressure to require companies to share incidents with the federal government.

The bill backed by Chair Bennie Thompson (D-Miss.), ranking member John Katko (R-N.Y.) and Rep. Yvette Clarke (D-N.Y.) would direct the Cybersecurity and Infrastructure Security Agency to issue an interim final rule ...