U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security
Hackers Hijacking Email Reply Chains on Unpatched Exchange Servers to Spread Malware
March 3, 2022REMINDER: Texas RE to Conduct Align Release 3 Training
March 4, 2022
Summary:
Hours before the State of the Union address, the Senate unanimously passed the Strengthening American Cybersecurity Act, which is actually various bills that have now been made into one piece of legislation. Months ago, the measures had previously been removed from the annual defense policy bill. The U.S. Senate unanimously passed the "Strengthening American Cybersecurity Act" on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours.
Additional Discussion:
Furthermore, affected organizations are required to preserve relevant data and promptly share updates "to a previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report."
The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act (CIRA), the Federal Information Security Management Act (FISMA), and the Federal Secure Cloud Improvement and Jobs Act (FSCIJA).
While FISMA incorporates more effective cybersecurity practices, FSCIJA aims to accelerate the deployment of cloud computing products and services, and drive stronger adoption of secure cloud capabilities, create jobs, and reduce dependency on legacy information technology.
Associated Files:
