Senate Bill to Mandate Cyberattack, Ransomware Payment Reporting

Energy companies, banks and other critical infrastructure operators would have to report cybersecurity incidents and ransomware payments to the federal government under legislation introduced Tuesday.

Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) are unveiling a bipartisan bill to require critical infrastructure operators to notify the Cybersecurity and Infrastructure Security Agency within 72 hours of experiencing a cyberattack, according to details shared with Bloomberg Government.

The measure would also require other organizations—including nonprofits, businesses with more than 50 employees and state and local governments—to notify the federal government within 24 hours if ...