CISA's New Proposed Cyber Incident Reporting Rule: Covered Entities, Enforcement, Exceptions, Penalties

Recording of a 90-minute CLE video webinar with Q&A

Conducted on Wednesday, August 21, 2024

This CLE webinar will provide an overview of the proposed rule recently released by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) requiring covered entities to report cyber incidents and ransom payments to CISA within prescribed time periods. The speaker will discuss the requirements of the proposed rule and provide guidance for advising clients on steps they should start taking now to prepare for this new cyber reporting framework.

Description

On Mar. 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law. On Apr. 4, 2024, CISA published a comprehensive proposed rule for implementing CIRCIA's requirements.

The proposed rule applies to a wide range of companies that fall into either of two categories: (1) entities operating in critical infrastructure sectors, except for small businesses as defined by the Small Business Administration; or (2) entities operating in critical infrastructure sectors that fulfill sector-based criteria, even if the entity is a small business. The critical infrastructure sectors generally include defense industries, communications, energy, food and agriculture, financial services, information technology, transportation, government facilities, and healthcare.

Under the proposed rule, covered entities must report "substantial" cyber incidents, which include events that result in a substantial loss of confidentiality, integrity, or availability of a covered entity's information system or network; a serious impact on the safety and resilience of a covered entity's operational systems and processes; a disruption of a covered entity's ability to engage in business or industrial operations or deliver goods or services; and unauthorized access to a covered entity's information system, network, or nonpublic information.

Listen as Harley Geiger, an experienced cybersecurity law and policy attorney, summarizes the key aspects of the proposed new rule and provides guidance for advising clients on revising or developing security programs and cyber incident response strategies to meet the rule's requirements.

Outline

  1. Overview of CISA's new proposed rule
  2. Covered entities--broad definition of "critical infrastructure"
  3. Substantial cyber incidents
  4. Reporting requirements and how they harmonize with other cyber disclosure rules
  5. Exemptions from reporting
  6. Data retention and recordkeeping requirements
  7. Enforcement and penalties
  8. Timeline for implementation of the proposed rule
  9. Steps businesses should take now in preparation for this new regulatory framework
  10. Final thoughts and key considerations

Benefits

The speaker will discuss these and other relevant issues:

  • What is the background regarding the new proposed rule?
  • What companies are considered "covered entities" under the proposed new rule?
  • What types of cyber incidents must be reported and what are the prescribed timeframes for reporting?
  • What are the exemptions from reporting?
  • How will CISA enforce the proposed new rule and what are the penalties for failing to submit a required report?

Faculty

Harley L. Geiger

Counsel
Venable

Mr. Geiger counsels organizations on a wide variety of cybersecurity law and policy matters. When advising clients on...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.