In The News

Congress Seizes on Incident Reports in Fighting Cyberattacks


16 Mar 2022

Alex Iftimie spoke to Law360 about the Cyber Incident Reporting for Critical Infrastructure Act, which would require a broad range of companies that power the nation’s critical infrastructure to report “substantial” cyber incidents to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) within 72 hours and to disclose payments made in response to ransomware attacks within 24 hours.

"This bill and the requirements that we're seeing across the federal government for cyber incident reporting reflects the government's view that it still isn't seeing as much as it needs to see to be able to respond to threats," Alex said. 

He added: "What we're seeing here is a significant move toward a unified reporting structure, and that's really important for the private sector, which doesn't want to have to report the same incident to a bunch of federal agencies. It creates a one-stop shop for reporting to the federal government."

Read the full article (subscription required).



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.