Companies important to the U.S.’s national interests will now have to report when they’re hacked or when they make a ransomware payment, under a bill passed by Congress and expected to be signed by President Joe Biden, an Associated Press report said.
The rules come as part of a broader effort from the Biden administration and Congress to bolster cyber defenses.
There have been numerous high-profile digital attacks and ransomware attacks recently, fueled by the pandemic and the transition to digital means of managing money and business.
Requiring businesses to report cyberattacks will give the government better visibility into hacking efforts. Many private companies don’t go to authorities when hacks happen.
AP wrote that the new rules require companies considered part of the nation’s critical infrastructure, including finance, transportation and energy, to report any “substantial cyber incident” within three days, and any ransomware payment they make within one day, to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The reporting requirement was approved by the House and Senate on Thursday. It’s expected to be signed into law by Biden soon.
In a ransomware attack, criminals hold data hostage by encrypting it until a ransom has been paid. There have been several high-profile attacks, like the one last year against the biggest U.S. fuel pipeline, and another on the world’s biggest meatpacking company.
Reuters notes that state hackers based in Russia and China have had success in spying on and hacking U.S. targets, including those that are deemed critical infrastructure.
PYMNTS wrote about the legislation earlier this month, when the Strengthening American Cybersecurity Act passed the Senate by a unanimous vote. It was proposed in February by Sens. Rob Portman and Gary Peters, who are ranking member and chairman, respectively, of the Senate Homeland Security and Governmental Affairs Committee.