Bipartisan Senate bill would require 24-hour Ransom Notice, 72-Hour Incident Report. Bill would require organizations to report ransom payments within 24 hours of delivery. Owners and operators of critical infrastructure would be required to report security incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours of discovery. The bill would also establish a Cyber Incident Review Office at CISA. The new body would have subpoena power over groups that fail to report – which could lead to inquiries from the Department of Justice and potential prohibition from doing business with the government.”]
Source: https://www.cuinfosecurity.com/new-legislation-eyes-both-ransom-incident-reporting-a-17650