Bill Sponsor
BILLSPONSOR
Bill Sponsor
Politicians
Bills
House Bill 5440
117th Congress(2021-2022)
Cyber Incident Reporting for Critical Infrastructure Act of 2021
Introduced
Introduced
Introduced in House on Sep 30, 2021
Overview
Text
Introduced
Sep 30, 2021
Latest Action
Oct 1, 2021
Origin Chamber
House
Type
Bill
Bill
The primary form of legislative measure used to propose law. Depending on the chamber of origin, bills begin with a designation of either H.R. or S. Joint resolution is another form of legislative measure used to propose law.
Bill Number
5440
Congress
117
Policy Area
Science, Technology, Communications
Science, Technology, Communications
Primary focus of measure is natural sciences, space exploration, research policy and funding, research and development, STEM education, scientific cooperation and communication; technology policies, telecommunication, information technology; digital media, journalism. Measures concerning scientific education may fall under Education policy area.
Sponsorship by Party
Democrat
Yvette Clarke
New York
Democrat
Bennie Thompson
Mississippi
Republican
Andrew Garbarino
New York
Republican
John Katko
New York
House Votes (0)
Senate Votes (0)
No House votes have been held for this bill.
Summary

Cyber Incident Reporting for Critical Infrastructure Act of 2021

This bill requires reporting and other actions to address cybersecurity incidents, including ransomware attacks.

Entities that own or operate critical infrastructure must report cybersecurity incidents (e.g., ransomware attacks) within specified time frames while other entities may voluntarily report incidents. The Cybersecurity and Infrastructure Security Agency (CISA) must (1) carry out rulemaking to implement the reporting requirements, and (2) establish an office to receive and analyze such reports. To the extent practicable, CISA must align its rules with existing requirements related to the reporting of cybersecurity incidents.

The bill limits the use and disclosure of reported information. The information may be shared (subject to protections and restrictions) with federal agencies or to address cybersecurity threats. However, shared information may not be used as a basis for certain regulatory enforcement. Additionally, an entity may not be liable for submitting required reports. Further, reports are not subject to laws governing release of federal or other governmental records.

The bill authorizes CISA to take specified action (e.g., issuing subpoenas) if an entity fails to submit a required report. CISA may share subpoenaed information with a regulator or the Department of Justice for regulatory enforcement or criminal prosecution.

Text (1)
Introduced in House
September 30, 2021
Related Bills (1)
Sep 23, 2021
Passed House
2
Sponsorship
House Bill 4350
National Defense Authorization Act for Fiscal Year 2022
Active
Amendments
Type
Related Bill
Related Bill
A related bill may be a companion measure, an identical bill, a procedurally-related measure, or one with text similarities. Bill relationships are identified by the House, the Senate, or CRS, and refer only to same-Congress measures.
Identified By
CRS
Actions (3)
10/01/2021
Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation.
09/30/2021
Referred to the House Committee on Homeland Security.
09/30/2021
Introduced in House
Public Record
Record Updated
May 11, 2023 3:45:15 PM
Copyright © 2024 Civic Bits LLC
Privacy Policy
Terms of Service
What's New
About