The Cybersecurity and Infrastructure Security Agency (CISA) has passed legislation that will focus on improving existing cyber acts. Organizations will be obliged to report cyber incidents to the CISA within 72 hours. The companies will also have to register any ransomware payments made within 24 hours to the CISA. The legislation was passed as part of the Consolidated Appropriations Act 2022. In his article for Infosecurity Magazine, James Coker talks about the future of cybersecurity based on modern cyber acts legislation. He also shares how cyber legislation can transform the future of cybersecurity at the organizational level.
How Incident Legislation Will Impact Cyber Acts
Many businesses have experienced ransomware attacks that hamper the data infrastructure and economy. The incident reporting legislation will help federal agencies, such as the Department of Justice and the FBI, strengthen their standardized cybersecurity framework. The reporting requirements will apply to 16 US critical infrastructure divisions. The incident reporting legislation will focus on enhancing the resilience and safety of the business operations.
The Process and Framework of the Cyber Legislation
When reporting an incident per the legislation, the compromised company must describe relevant vulnerabilities and how it resolved the situation. The legislation also focuses on the categories of cyber acts that will give them a better idea of the cyber-attack. Jen Easterly, director of CISA, mentions that the new legislation will strengthen the data infrastructure of government agencies. It will also help them address the cyberattack situations quickly and more effectively.
It is crucial that private organizations share even the slightest occurrence of a cyberattack. It will help CISA fill in the essential information gaps and allocate necessary resources to resolve or minimize the impact of cyberattacks. The current political administration has focused on this executive order to increase supply chain security and reduce the risk response time.
Click on the link to read the original article:
https://www.infosecurity-magazine.com/news/us-cyber-incident-reporting/
