Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first of many steps toward a federal privacy and breach notification framework.

Included in SACA is the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act), which will create new reporting obligations with very short deadlines for businesses and government entities that operate in certain critical infrastructure sectors, as defined by the Cybersecurity and Infrastructure Security Agency (CISA). The critical infrastructure sectors identified by CISA encompass industries ranging from energy to healthcare. The Act assigns the director of CISA 24 months to publish a notice of proposed rulemaking and permits an additional 18 months after publication of the proposed rule before a final rule must be issued.

What Should Companies and Organizations Be Doing Now?

Although there is some time before the final rule is issued, it is important

Read more

Explore the site

More from the blog

Latest News