The increasing pressure on critical infrastructure industries in the U.S. has increased the necessity for laws addressing how organizations respond to security incidents, especially when contracted by the federal government.
The first example of this was Biden's 2021 executive order on "increasing the nation's cybersecurity". Over the course of the year the administration has continued to strengthen certain critical industries in cooperation with the Cybersecurity and Infrastructure Security Agency(CISA). The most recent step taken in improving the nation security posture is Biden's Cyber Incident Reporting Act. Included in the most recent omnibus spending bill, the Cyber Incident Reporting Act requires organizations within certain industries to report cyber incidents in specific ways.
Such critical infrastructure sectors includes:
and 10 other sectors to operation in the U.S. You can view CISA's website to see the full list of critical infrastructure sectors.
While many of these sectors already adhere to regulations regarding cybersecurity the Cyber Incident Reporting Act is another step to standardize practices between sectors of the private and government cyber landscape.
If you believe your organization falls under one of these sectors then what does this law mean for you? The law requires that if your organization is hit with a ransomware attack or other form of cyber incident then it must report to the Cybersecurity and Infrastructure Security Agency (CISA). The report must be made within 72 hours of experiencing a cyber attack and within 24 hours of making a ransomware payment.
This law has been a long time coming and represents the next steps the federal government is taking in increasing the nations security posture. What's even more impressive is that the Senate passed this legislation unanimously and with full bipartisan support. This united front against cyber criminals from the federal government should press the importance of the private sectors commitment to maintaining secure organizations.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.