Proposed Cyber Requirements Would Affect Thousands More Companies
May 30, 2024
A proposed rule from the Cybersecurity and Infrastructure Security Agency (CISA) introduces new cyber requirements for companies. Under this rule, businesses must report cyber breach incidents within 72 hours of discovery or within 24 hours after making a ransomware payment. CISA, part of the US Department of Homeland Security, is pushing these proposed cyber requirements under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). This represents a significant shift in the U.S. cyber regulatory environment.
According to an article on the CSO website, the impact of these requirements is notable not because of the reporting timetable, but due to their broad scope. The rule expands the definition of “critical infrastructure” far beyond the traditional list of ports, dams, and power plants.
“In fact,” writes Anand Oswal, senior VP and General Manager of Network Security at Palo Alto Networks, “CISA’s proposed rule actually includes any entity that is not a ‘small business’ operating within 16 different sectors, encompassing a range of industries across the entire economy – from communications to healthcare, food and agriculture, and beyond.”
According to projections from CISA, more than 316,000 organizations will fall under the newly proposed cyber requirements. The burden, however, may be mitigated somewhat by the stipulation that to be reportable the cyber incident must be “substantial,” and it must fall under certain designated scenarios.
Oswal calls the proposed reporting requirements part of an emerging and far more stringent regulatory landscape. This development, he says, underscores the need for advanced and integrated security platforms, bolstered by AI, and built into the business by design instead of being patched in as an afterthought.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.