Peters Statement on Draft Rule Requiring Critical Infrastructure to Report Cyberattacks

Rule was Directed by Peters Landmark Law to Address Growing Cybersecurity Threats

WASHINGTON, D.C. –  U.S. Senator Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, released the following statement after the Cybersecurity and Infrastructure Security Agency (CISA) posted the proposedrulemaking for the implementation of Peters’ cyber incident reporting law that will require critical infrastructure owners and operators to report when they experience a substantial cyberattack or make a ransomware payment:   

“Cybersecurity threats to our critical infrastructure pose serious risks to our daily lives and our national security, and we must be ready to defend our most essential systems and networks. This groundbreaking rule will ensure critical infrastructure owners and operators report cyberattacks and ransomware payments to the federal government, allowing our nation’s cybersecurity agencies to help them respond to and recover from significant attacks and prevent future breaches. Once finalized, this rule will make our critical infrastructure sectors more secure against rising threats posed by foreign adversaries and other attackers and help keep Americans safe.”   

The draft rule was required by a provision based on Peters’ Cyber Incident Reporting for Critical Infrastructure Act that was signed into law as part of government funding legislation in 2022. The provision and subsequent rulemaking is a significant step towards helping the United States combat potential cyberattacks sponsored by foreign adversaries, including potential threats from state-sponsored actors based in China or Russia, ransomware gangs, and other cybercriminal groups.