If you didn’t hear, the House and then Senate on Thursday passed a $1.5 trillion omnibus spending bill that will fund the government for the rest of the fiscal year.
And, if you didn’t hear, cyberattacks are on the rise, with one expert estimating an 800 percent rise in cyberattacks between now and the days leading up to Russia’s invasion of Ukraine.
How are these connected?
Well, in this omnibus spending bill is a mandatory reporting requirement for victims of cyberattacks, and a 22 percent budget increase for the Cybersecurity and Infrastructure Security Agency (CISA).
The reporting requirements stipulate that any critical infrastructure owners and operators would need to report any significant hack or ransomware payment to CISA within 72 hours of the occurrence. The agency’s new budget increases by $568.7 million to a total of $2.6 billion.
The entire spending bill can be read here, and discussion of CISA begins on page 689.
This legislation requires CISA to implement this regulation within 42 months, though it may do so sooner. In any case, the requirement is likely not imminent, but it is on the horizon.
This push for mandatory reporting is not new and did not speed through the Senate so easily. Efforts began in 2020 following the SolarWinds hack.
CISA Director Jen Easterly called this legislation a “game changer” and explained how this can empower CISA to better prepare for and thwart future attacks.
“CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure,” she said. “This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.”
President Biden will sign the bill in the near future. White House spokesperson Jen Psaki confirmed on Thursday that President Biden looks forward to the bill’s passage.
This spending bill also boasted additional cybersecurity funding for other agencies, including the Department of Energy, the Coast Guard, the Office of Personnel Management, the Secret Service, and the Transportation and Treasury departments.
This is big news for any companies participating in critical infrastructure projects and it is important that you stay ahead of these reporting requirements.
But more than that, it’s sending a signal. It’s not just private sector experts yelling about cybersecurity and cyberwarfare. The United States government is clearly preparing for an increase in cyberattacks, as well.
If you need to rethink your security strategy, don’t hesitate to contact Tigunia today.