In the wake of Russia’s invasion of Ukraine, and amid growing concerns regarding the threat of increased cyberattacks targeting infrastructure and other critical industries, there has been a flurry of federal activity to implement new requirements for the reporting of cyber-attacks – including a new federal law that will introduce mandatory reporting obligations on many businesses. This activity impacts entities in both the public and private sector and furthers the federal government’s efforts to improve the nation’s cybersecurity, especially in light of the impending threat of increased cyberattacks. What do businesses need to know about the influx of legislation and regulatory activity that could soon impact your operations?
The Cyber Incident Reporting for Critical Infrastructure Act of 2022
Notably, the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was passed as part of the omnibus spending bill on March 15, requires mandatory reporting by critical infrastructure of substantial cyber incidents and ransomware payments. The Act imposes new mandatory reporting requirements for entities in the critical infrastructure sector – including…
