By Unanimous Consent on March 2, 2022, the U.S. Senate passed the Strengthening American Cybersecurity Act of 2022.

When enacted into law, this bill, S. 3600, will strengthen the federal government’s networks again cyberattacks. The bill will require critical infrastructure owners and operators, such as water utilities, to report cyber incidents to the Cybersecurity & Infrastructure Security Agency (CISA), which is a branch of the U.S. Department of Homeland Security.

Critical infrastructure owners and operators will be required to report to CISA within 72 hours if they are experiencing a substantial cyberattack. Reporting within 24 hours will be required if they make a ransomware payment. Critical infrastructure entities include banks, electric grids, water utilities, hospitals and health care networks, transportation systems, and other systems that serve the general public and public safety.

The bill has had strong bipartisan support throughout the drafting process. The bill was quickly passed by the Senate without objection or debate. Likewise, it is expected to pass the House soon.

Although the U.S. Department of Justice has expressed concerns about the legislation leaving the Federal Bureau of Investigation out of the cyberattack reporting requirement chain, President Bident is expected to sign the bill into law.