On March 2, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022 (“SACA” or the “Bill”). The Bill is now with the House of Representatives for a vote and, if passed, will be sent to President Biden’s desk for signature.
Introduced by Senators Rob Portman (R-OH) and Gary Peters (D-MI), the Bill uses language from three other bills: the Cyber Incident Reporting for Critical Infrastructure Act (S. 2875), the Federal Information Security Modernization Act (S. 2902) and the Federal Secure Cloud Improvement and Jobs Act (S. 3099). Notably, the Bill would require critical infrastructure operators to report “substantial cyber incidents” to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours and report ransomware payments within 24 hours. The Bill also would include several other reforms meant to strengthen cybersecurity within the federal government, including:
requiring federal civilian agencies to report all substantial cyber incidents to CISA within 72 hours;
requiring certain information sharing to improve coordination between federal agencies;
authorizing the Federal Risk and Authorization Management Program (“FedRAMP”) for five years so that federal agencies can adopt cloud-based technologies.
The Bill also would authorize the Director of the Office of Management and Budget, in consultation with Sector Risk Management Agencies, the Department of Justice and other federal agencies, to issue a regulation to implement SACA. This regulation would define and establish criteria for what constitutes a “substantial cyber incident.” It also would provide a description of the required contents of a cyber incident report or ransom payment report to CISA, building upon the requirements already listed in Sections 2242(c)(4)-(5) in the Bill.
Upon passage of the Bill, Senator Peters stated, “Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safely and securely utilize cloud-based technology to save taxpayer dollars.”