$2.6 billion - the price of cybersecurity: CISA calculates the cost of the new law

Teacher

The US authorities should be aware of every attack on hundreds of thousands of companies.

CISA has submitted a draft law requiring critical infrastructure organizations to report cyber attacks to the government.

The proposal has been published for public comment. The law that formed the basis of the rules was passed in 2022 and is aimed at improving the state's ability to track incidents and ransom payments to extortionists.

Secretary of Homeland Security Alejandro Mayorkas stressed that the innovations will strengthen the ability of CISA and other agencies to quickly respond to incidents and identify vulnerabilities in critical infrastructure in the United States. The law requires critical infrastructure organizations to report cyber incidents within 72 hours and ransom payments within 24 hours. The reports will be confidential and not subject to disclosure.

CISA estimates that enforcement of the rule will cost $2.6 billion over the next 11 years. More than 316,000 organizations will be covered by the law, and they are expected to submit more than 210,000 reports over 10 years. The agency is also seeking additional funding to fully support the operation of the incident reporting office, despite the fact that the current allocation was less than requested.

The document pays special attention to exceptions, and officials emphasize their responsibility for using the information received in order to improve cybersecurity. Reports of affected organizations will not be published, but key information can be anonymized and distributed to warn the public about large-scale threats.

The public can comment on the bill for 60 days prior to its official publication, after which CISA will make adjustments and formally adopt it within the next 18 months.

Cybersecurity experts expressed mixed feelings about the project, noting the importance of including small business organizations and making it easier for them to report so they don't miss out on important data. Experts also stressed the need for rapid implementation of the rule in light of increasing threats, such as ransomware attacks and foreign campaigns targeting critical US infrastructure.
 