MAR 11, 2022 | US
Cyber-Incident Reporting Legislation Clears House in Bipartisan Spending Bill
Nextgov, March 11, 2022
By Mariam Baksh
Legislation requiring private companies to report cybersecurity incidents to the Cybersecurity and Infrastrcucture Security Agency could hitch a ride to the president’s desk in an omnibus spending bill set for consideration in the Senate Thursday following House passage.
“We believe the 72 hours should run, not from an entity’s reasonable belief, but from knowledge that a covered incident occurred,” Henry Young, policy director for BSA | The Software Alliance, said in an email reacting to the Senate’s passage of the incident reporting legislation. “Prior to knowing, a company is still investigating, and its focus should be on determining whether there is anything to respond to and report. If the bill becomes a law, BSA looks forward to working with DHS to do the important and challenging work of defining ‘covered entity’ and ‘covered cyber incident."
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.