
Bipartisan legislation requiring critical infrastructure entities to report cyber incidents affecting their networks to the federal government was excluded from a final defense authorization bill. Similar cyber incident reporting bills were introduced in the House and Senate this year and would have required owners and operators of critical infrastructures to report cyber incidents within 72 hours of an attack being discovered. Momentum for mandatory cyber incident reporting gathered steam in the wake of a ransomware attack in May against the…