Skip to main content

What the Newly Signed US Cyber-Incident Law Means for Security

posted onMarch 16, 2022
by l33tdawg
Dark Reading
Credit: Dark Reading

When President Biden signed the omnibus spending bill Tuesday, he also put the bipartisan Cyber Incident Reporting Act into effect, which requires critical infrastructure companies in the 16 industry sectors identified by the federal government to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they are experiencing a cyberattack and within 24 hours of making a ransomware payment.

While this wasn't the all-encompassing data breach law that has been stalled in Congress for many years, it was notable in that the Senate passed the legislation unanimously. The bill was championed by Sen. Gary Peters (D-Mich.) and Sen. Rob Portman (D-Ohio); it covers a broad swath of the economy, including the defense industrial base sector, which has more than 100,000 companies alone.

"It's a game changer," says Tom Kellerman, head of cybersecurity strategy at VMware. "It's a fundamentally important strategic decision made by the federal government to finally eliminate the plausible deniability that had existed for far too long. ... Corporations have [for some time] underinvested in cybersecurity because they could always maintain plausible deniability."

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th