CISA Archives

CISA

Browsing

In Cybersecurity

Federal oversight of cyber threats to critical infrastructure continues to gain traction

March 7, 2023 by Rachel Ehlers, Nick Merker, Avi Toltzis and Mariana Oliver 4 Mins Read

In brief Critical infrastructure has been the focus of several recent US cyber readiness initiatives, although the results have left a patchwork of regulations that may be enforced differently across sectors and federal agencies. As an example, in March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which will require critical infrastructure organizations to report cyber incidents and ransom payments to the US Cybersecurity and Infrastructure…

In Cybersecurity

Congress Publishes “Game-Changer” Breach Reporting Law, Compliance Requirements Unclear

March 18, 2022 by Cyrus R. Vance Jr., Brian Hengesbaugh, Nick Merker, Teresa Michaud, Jessica Nall, Stephen Reynolds, Jerome Tomas, Harry Valetk, Cristina Messerschmidt and Mason Clark 6 Mins Read

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…