United States of America: Signed Cyber Incident Reporting for Critical Infrastructure Act of 2022

On 15 March 2022, the United States President signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Act was incorporated in the Consolidated Appropriations Act of 2022 and was previously part of the Strengthening American Cybersecurity Act of 2022. The Act establishes a Cyber Incident Review Office in the Cybersecurity and Infrastructure Security Agency (CISA) and requires critical infrastructure controllers and civilian federal agencies to report any significant cyberattack to the CISA within 72 hours. Ransomware attacks to critical infrastructure must be reported within 24 hours.