The House passed on Wednesday and the Senate passed on Thursday the Cyber Incident Reporting for Critical Infrastructure Act, included within the $1.5 trillion Consolidated Appropriations Act, 2022, requiring owners and operators to report significant cyber incidents and ransomware attacks to CISA.
“The authorities and resources provided in this bill can’t come soon enough, as CISA works to combat rapidly evolving cyber threats in this shifting geopolitical landscape. Passage of this legislation further solidifies Congress’ intent that CISA is the lead Federal agency for cybersecurity,” Rep. Bennie G. Thompson (D-MS), Chairman of the Committee on Homeland Security, Rep. John Katko (R-NY), Ranking Member of the Committee on Homeland Security, Rep. Yvette D. Clarke (D-NY), Chairwoman of the Cybersecurity, Infrastructure Protection, & Innovation Subcommittee, and Rep. Andrew Garbarino (R-NY), Ranking Member of the Cybersecurity, Infrastructure Protection, & Innovation Subcommittee, said in a joint statement.
“This legislation is years in the making, and is a product of rigorous bipartisan, bicameral negotiation informed by significant consultation with the Administration and the private sector, who deserve credit for coming to the table to work with us. Our work is not done, but this legislation is a major step forward.”
CISA Director Jen Easterly praised the passage of the legislation.
“CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure. This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. CISA is committed to working collaboratively and transparently with our industry and federal government partners in order to enhance the security and resilience of our nation’s networks and critical infrastructure,” she said. “Put plainly, this legislation is a game-changer. Today marks a critical step forward in the collective cybersecurity of our nation.”
“We are also grateful to Congress for the unprecedented level of funding provided for CISA in the Fiscal Year 2022 Omnibus. This investment represents a recognition of the importance of our mission and the confidence of the Congress in our ability to defend our nation’s networks and critical infrastructure.”