In The News

Policy Briefing

The CyberWire

11 Mar 2022

Alex Iftimie spoke to The CyberWire about the Strengthening American Cybersecurity Act, a reporting mandate that would require critical infrastructure operations to notify the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a breach and 24 hours of a ransomware payment.

“The new law is the first federal statutory requirement for private sector reporting of cyber incidents,” Alex said. “The requirement will apply to energy, financial services, food and agriculture, healthcare, and information technology, among other critical infrastructure sectors. A number of key provisions—including the precise scope of critical infrastructure entities to which the requirement will apply and the types of cybersecurity incidents that will require reporting—are left to be further defined through CISA regulations, so it will be important to monitor how the requirements evolve.”

He added: “A critical task for CISA is to work with other agencies to harmonize reporting requirements and to create one door for the reporting of cyber incidents to the federal government, to replace the regulatory patchwork that currently exists.”

Read the full article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.