Senators Gary Peters (D-MI) and Rob Portman (R-OH) on the Homeland Security Committee introduced
legislation on Tuesday, 9/28, requiring critical infrastructure, nonprofits, businesses with more than 50
employees, and state and local governments to report cybersecurity attacks. Critical infrastructureowners and
operators must report to the Cybersecurity and Infrastructure Security Agency within 72 hours if they are
experiencing cyberattacks. All others are required to notify the federal government within 24 hours if they make
ransomware payments.

Click to read the full briefing.