TechRepublic: “The Senate passed a piece of legislation on Tuesday, detailing new cybersecurity measures that would force businesses to report cyberattacks and ransomware payments. The Strengthening American Cybersecurity Act aims to continue the Biden administration’s effort to make both the public and private sectors better defended online. With the act passing through the Senate, it will now head to the House for voting. The act, composed of three separate bills, would require critical infrastructure organizations to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a substantial cyberattack. In addition, those who make ransomware payments would be required to report the incident to the CISA within 24 hours. The 200-page act’s main goal is to update the federal government’s cybersecurity posture in response to the United States’ support of Ukraine in its war with Russia. “Since the Colonial Pipeline ransomware attack, the government has been in a reactionary course to pass legislation relating to cybersecurity to protect various private supply chains that impact the critical infrastructure of the United States,” said James McQuiggan, security awareness advocate at KnowBe4. “However, what is yet to be determined is the specific incidents that organizations will need to report, the timeframe required, in other words, the time from when the organizations classify an event as an incident, and which types of incidents. Regarding ransomware attacks, will it be based on a dollar amount or system impacted amount? CISA has to develop these requirements, but it will require organizations to shift their incident handling procedures to address the new laws set forth.”..