The Senate unanimously passed cybersecurity legislation on Tuesday that would require companies in critical sectors to alert the government of potential hacks or ransomware.
The Strengthening American Cybersecurity Act, a package of three bills sponsored by Sen. Gary Peters (D-Mich.), comes as U.S. officials urge the private sector to gear up for possible Russian cyberattacks in retaliation for U.S. sanctions over its invasion of Ukraine.
“Cyber warfare is truly one of the dark arts specialized by Putin and his authoritarian regime. And this bill will help protect us from Putin’s attempted cyberattacks against our country,” said Senate Majority Leader Charles Schumer (D-NY) following the passage of the legislation.
One of the bills would require companies to report substantial cyberattacks within 72 hours and ransomware payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA).
Another bill in the package would update federal cyber laws to improve coordination between federal agencies. It would also require agencies to share cyber incidents with CISA.
Last week, CISA officials urged federal agencies and the private sector to remain vigilant against Russian cyberattacks, especially following the economic sanctions imposed by the U.S. and its allies.
“Every organization—large and small—must be prepared to respond to disruptive cyber activity,” CISA officials said in an updated guidance.
In a statement on the bill’s passage, Senate Intelligence Committee Chair Mark Warner (D-Va.) said “at a time when we are facing significant threats of Russian cyberattacks against our institutions and our allies, it’s more important than ever that the government has an idea of what those threats are.”