The policy environment surrounding cybersecurity has changed drastically over the years. To show this promptness, The Strengthening American Cybersecurity Act of 2022 was passed by the U.S. Senate unanimously on March 1, 2022.
The new legislation will usher in a sweeping change in all areas relating to cybersecurity, such as the federal legal landscape and cyber incident responses. This act comes after several related pieces of legislation failed to win passage in the past years.
The package was first introduced to the House by U.S. Senator Gary Peters (D-Mich.). It addressed crucial changes in the protection of critical government infrastructure and cybersecurity needs in response to the current geopolitical tension in Eastern Europe. The continued tension may lead to adverse cyber security issues that require effective prevention measures.
President Joe Biden continues to pursue peace among these nations as several branches of the U.S. government. Allied nations are preparing to tighten their security infrastructure and create airtight cyber solutions.
The act combines pieces of three bills aimed at regulating the protection of I.T. infrastructure. The bill is up to be an extra cybersecurity procedure for the federal government, allowing for the amendment, modernizing, and unifying of cybersecurity best practices. It also sets the best standards for the U.S.
Each act addresses a specific issue that companies and federal agencies must follow to help prevent cyber threats. In particular, the three acts address the following:
The Federal Information Security Modernization Act
This is the first act included in the new strengthening cybersecurity bill. It contains an update of federal cyber laws to help in improving coordination and fast communication between agencies. The act tasks all groups responsible for cyber security to share cyber incident information with the Cybersecurity and Infrastructure Security Agency (CISA).
The acts address issues such as:
The Cyber Incident Reporting for Critical Infrastructure Act
The second act addresses the requirement for companies to deal with any potential cyber threats they may face. Every company must report any substantial cyber threat within the first 72 hours and ransomware payments in the first 24 hours to CISA.
The act seeks to work on:
The Federal Secure Cloud Improvement and Jobs Act
This is the third and final act of the three acts outlined in the strengthening cybersecurity bill of 2022. The Senate passed the act in December 2021 to make it easier for federal agencies to receive approvals for using cloud technologies. It also involved modernization efforts to strengthen the overall cybersecurity posture of all government branches.
Following the recent surge in data breaches and geopolitical uncertainties, the act focuses on several aspects of cybersecurity. The basics include:
Reporting an Incident
The key focus of the act is to offer a clear and accessible path for reporting cybersecurity incidents to CISA. The path requires a clear definition to allow cross-functional information for fast communication between CISA and any relevant agency like the FBI.
The agencies can then collect and analyze data to identify the culprit. The act also discusses the minimum reporting requirements for ransomware and any cyber threats.
For cybersecurity incidents, the acts provide requirements like:
For ransomware attacks, the acts specify these requirements:
The increasing federal attention and regulation of cybersecurity management have potential widespread implications for every business in the U.S. A risk-based approach is the subtlest method to cater to this federal level.
The act may not take effect immediately, but companies operating outside critical infrastructure must remember that having appropriate protection is a crucial step in mitigating and assessing risks. Generally, these standards will impact the private sector in the future. It would be best to prepare well in advance by evaluating the likelihood and impact of the risk on your company.
Assessments also enable you to allocate resources to protect your business from future threats. Working with experts at Grok Technology is a practical step to analyzing your security standpoint and getting relevant preventive measures for current and future threats.
We will work together to assess your cybersecurity policy and then formalize standards and practices to help protect the entire enterprise. Some of the first steps to take immediately are:
Grok Technology Services is your information technology guide. Talk to us today, and let us be your trusted I.T. partner.