New rules proposed for reporting critical infrastructure cyberattacks

March 29, 2024


TLDR:

  • America’s cyberattack reporting rules for critical infrastructure operators are moving closer to implementation.
  • The proposed rule would require reporting of substantial cyber incidents within 72 hours and ransom payments within 24 hours.

America’s critical infrastructure cyberattack reporting rules are edging towards reality as the Feds have posted a notice of proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The rule would require organizations in critical infrastructure sectors to report substantial cyber incidents within 72 hours of discovery and ransom payments within 24 hours. To encourage compliance and protect public service providers, the reports would not be publicly disclosed, but anonymized information would be shared with relevant industry sectors to enhance protection. The proposed rule is open for public comments for 60 days before becoming law, and CISA is developing detailed guidelines to streamline reporting for critical organizations. Despite pushback over the added compliance strain, the rule is seen as a step in the right direction for cybersecurity in critical infrastructure.

