DHS and Cyber: What Should Companies Expect?
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: North Dakota Passes Law...more
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
On April 4, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published for public comment a long-awaited proposed rule to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022...more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more
The US Cybersecurity and Infrastructure Security Agency (CISA) has recently released draft rules that are set to reshape how critical infrastructure companies report cyberattacks to the US government. The rules are designed...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
The federal Cybersecurity & Infrastructure Security Agency (CISA) has issued a request for information (RFI) seeking public input on its development of cyber incident and ransom payment reporting rules under the Cyber...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in...more
In the wake of Russia’s invasion of Ukraine, and amid growing concerns regarding the threat of increased cyberattacks targeting infrastructure and other critical industries, there has been a flurry of federal activity to...more
The month of March has seen significant developments in the cybersecurity and data protection space. Here are four key legal developments that could be critical to your business. . . ...more
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (the Act) as part of the Consolidated Appropriations Act of 2022. The Act requires "critical sector" entities to...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 ("the Act") was signed into law by the President on March 15, 2022, as part of the Consolidated Appropriations Act. The purpose of the Act is to educate...more
Included within the Consolidated Appropriations Act, 2022, signed by President Joe Biden on March 15, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Act) creates new data breach reporting requirements....more
On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...more
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...more
As we reported on September 9th, meaningful and robust federal cybersecurity legislation is nearly across the finish line. Since then, further developments indicate that reporting mandates are imminent. On September 21st, the...more
In the wake of several recent high-profile cyber and ransomware attacks on critical infrastructure, Committees in both the House and Senate are drafting at least three separate pieces of legislation that would require victims...more