The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick reporting requirements following certain cyber incidents. This new incident reporting framework – if adopted as proposed – would mark a sea change
Despite the likely 2026 effective date, it is not too early for organizations to consider the steps they will need to take in order to comply with these rules once they take effect. There are new requirements, including for data and record preservation, and setting up appropriate policies and practices are likely to take some
(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.) × This page requires Javascript. Javascript is required for you to be able to read premium content. Please enable it in your browser settings.
Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure. The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new draft for updated rules on cyber reporting for critical infrastructure organizations. In an effort to update its Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022, CISA released the first draft of new proposed rules, which will be published in the Federal
U.S. Cybersecurity and Infrastructure Agency Releases Proposed Rules on Breach Reporting Requirements On March 27, 2024, the U.S. Cybersecurity and Infrastructure Agency (“CISA”) released an unpublished version of a Notice of Proposed Rulemaking (“NPRM”), as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). The NPRM will be officially published on
On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. The Proposed Rule, which will be formally published in the Federal Register on April 4, 2024, proposes