Actions
This legislation amends the Homeland Security Act of 2002 (6 U.S.C. 651) to require covered
critical infrastructure owners and operators to report defined cyber incidents to DHS’
Cybersecurity Information and Security Agency (CISA) within 72 hours of having a reasonable
belief that an incident has occurred.