That said, Mr. Chair, I think the intention makes a lot of sense, but if this is already covered within the rest of the act, what the amendment proposes is to create a 24-hour rule for a specific type of attack, which is ransomware, versus what we just discussed about having an overall regulation around the timing of reporting for all activities.
If we start breaking up these cyber-incidents and create different standards for reporting, I think it will become confusing, and that confusion could even cause sectors to not know when or what to report.
For clarity's sake, I feel comfortable that a ransomware attack would be covered in the reporting side of the rest of this legislation. We don't need to isolate and create a specific new reporting time frame just for ransomware.