TIG Advisors TIG Advisors

On March 1, 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act), which requires covered entities to report certain cyber incidents. The Act requires covered entities that experience a covered cyber incident to report the incident to the Cybersecurity and Infrastructure Security Agency (CISA) no later than 72 hours after the covered entity reasonably believes that the covered cyber incident has occurred. The new cybersecurity reporting requirements are meant to provide greater cybersecurity visibility for the federal government. The requirements will go into effect once the rule is published in the Federal Register, after going through the formal rulemaking process.

New Cybersecurity Reporting Requirements

March 1, 2022  – Congress passes the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Covered entities will be required to report cyber incidents within 72 hours and ransomware payments within 24 hours.

Act Overview

An entity will be covered by and required to report under this Act if it is in a critical infrastructure section. An infrastructure system or asset is critical if it so vital to the United States that its incapacity or destruction would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

In addition, a covered entity that makes a ransom payment as the result of a ransomware attack against must report the payment to the CISA no later than 24 hours after the ransom payment has been made. This requirement applies even if the ransomware attack is not a covered cyber incident subject to the 72-hour reporting requirement.

The Act requirements do not apply to covered entities or their functions if the CISA determines they constitute critical infrastructure owned, operated or governed by multi-stakeholder organizations.

Next Steps

Covered entities should review the Act’s requirements and continue to monitor the Federal Register for an update on the Act’s effective date. Continue to follow the TIG Advisors blog for updated information.

Ready to take the next step?

Let’s Connect Today
×
Columbia Office
200 Southampton Dr
Columbia, MO 65203
P: 573-875-4800
F: 573-875-4514
Jefferson City Office
3325 Emerald Lane
Jefferson City, MO 65101
P: 573-634-1141
F: 573-875-4541

St. Louis Office
16091 Swingley Ridge Road, Ste 150
Chesterfield, MO 63017
P: 636-537-0002
F: 573-875-4514
Subscribe for the latest updates from TIG Advisors

Our regular newsletter provides the latest updates on compliance, HR, benefits and much more. 

Thanks, I’m not interested