Cyber Incident Reporting for Critical Infrastructure Act of 2021 2021-09-30 Introduced in House Cyber Incident Reporting for Critical Infrastructure Act of 2021

This bill requires reporting and other actions to address cybersecurity incidents, including ransomware attacks.

Entities that own or operate critical infrastructure must report cybersecurity incidents (e.g., ransomware attacks) within specified time frames while other entities may voluntarily report incidents. The Cybersecurity and Infrastructure Security Agency (CISA) must (1) carry out rulemaking to implement the reporting requirements, and (2) establish an office to receive and analyze such reports. To the extent practicable, CISA must align its rules with existing requirements related to the reporting of cybersecurity incidents.

The bill limits the use and disclosure of reported information. The information may be shared (subject to protections and restrictions) with federal agencies or to address cybersecurity threats. However, shared information may not be used as a basis for certain regulatory enforcement. Additionally, an entity may not be liable for submitting required reports. Further, reports are not subject to laws governing release of federal or other governmental records.

The bill authorizes CISA to take specified action (e.g., issuing subpoenas) if an entity fails to submit a required report. CISA may share subpoenaed information with a regulator or the Department of Justice for regulatory enforcement or criminal prosecution.

]]> text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.