US Critical Infrastructure Companies Will Have to Report When They Are Hacked (March 2022)
Companies critical to U.S. national interests will now have to report when they're hacked or when they make a ransomware payment, according to new rules approved by Congress.
The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon.
It requires any entity that's considered part of the nation's critical infrastructure, which includes the finance, transportation and energy sectors, to report any "substantial cyber incident" to the government within three days and any ransomware payment within 24 hours of making it.
Even better would be if they had to report it to the public.