New Federal Cyber Incident Law Passed!

Congress and Senate have passed a new comprehensive Cyber Incident Reporting Bill that requires both public- and private-sector infrastructure organizations to report cyber incidents to the US Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of discovering the incident. Any organization that pays a ransomware demand will have 24 hours to report to avoid both civil and potentially criminal penalties.

You must act now! Cyberattacks are up 40% in 2022 already.

In 2021, an attack occurred every 39 seconds.

These new laws and the hundreds of regulations to follow will be extremely beneficial in the long run, helping public and private organizations detect and defend against cyberattacks. Implementing the reporting tools, however, will create hundreds of billions of dollars in costs for private-sector organizations throughout the US and international partners to reach compliance. The ability to accurately track and analyze cyberattacks will help everyone improve threat intelligence and better protect against and mitigate the risk of emerging threats.

72 hours is an extremely short amount of time to report for the vast majority of organizations in any sector when you consider the current tools and the current state of incident response. The shortage of qualified employees available in the market makes it impossible to investigate, report, and remediate cyber incidents. Third-party solutions will be necessary to fill the gaps left by the critical shortage of skilled employees.

Compiling the huge amount of data from cyberattacks has always been more estimate than fact, and CISA is uniquely qualified to assimilate and disseminate the information. The budget for CISA has increased from $1.8 billion in FY2021 to $52.2 billion in FY2022 to address the increasingly dangerous world of cyberattacks by both state-sponsored and criminal organizations globally. The statement below was given by Jen Easterly:

“As the nation’s cyber defense agency, CISA applauds the passage of cyber incident reporting legislation. Thanks to the support of our many partners in Congress, CISA will have the data and visibility we need to help better protect critical infrastructure and businesses across the country from the devastating effects of cyber-attacks.

CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure. This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. CISA is committed to working collaboratively and transparently with our industry and federal government partners in order to enhance the security and resilience of our nation’s networks and critical infrastructure.

Put plainly, this legislation is a game-changer. Today marks a critical step forward in the collective cybersecurity of our nation.

We are also grateful to Congress for the unprecedented level of funding provided for CISA in the Fiscal Year 2022 Omnibus. This investment represents a recognition of the importance of our mission and the confidence of the Congress in our ability to defend our nation’s networks and critical infrastructure.”

You must act now!

Protect your customers, your company, and your reputation today.

Contact us today for an evaluation of your current security posture by email or at (888) 835-6247.

Steven Chesser 
