New US law forces companies to disclose attacks

The US government has passed another law in a bid to fight cybercrime. On March 11, the Senate passed new legislation drawn up by senators Gary Peters and Rob Portman. It states that any US critical infrastructure institution must declare when it has suffered a new cyberattack on its systems. This law is part of President Biden’s attempt to improve US national cybersecurity following several notorious attacks in recent times. It comes at a crucial time. With experts expecting fresh attacks on critical infrastructure due to the Ukraine conflict, companies will now have to notify the government within 72 hours of an attack – or 24 hours if they are making a ransomware payment. Should companies not notify the authorities, they can now face severe penalties.