Cybersecurity Incident Reporting for Critical Infrastructure Act: Reporting Timeframes, Liability Protection, Enforcement
Security Controls, Incident Response Team, Communication Plans, Evidence Preservation, Legal and Evidentiary Privileges
Recording of a 90-minute CLE video webinar with Q&A
This CLE course will discuss the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The panel will address when businesses must report to the Cybersecurity and Infrastructure Security Agency (CISA), the reporting timeframes, liability protections, and enforcement. The panel will discuss how this new regulation will affect data governance and incident response plans.
Outline
- Cyber Incident Reporting for Critical Infrastructure Act
- Cybersecurity and Infrastructure Security Agency
- Defined terms
- Covered cyber event
- Covered entity
- Timing
- Continued reporting
- Liability protection
- Confidentiality
- Exceptions to reporting requirement
- Mitigating risks and best practices
Benefits
The panel will address these and other important issues:
- What is the history of CIRCIA and its regulatory agency?
- How is "covered entity" defined in CIRCIA?
- What risks are associated with failure to report in a timely manner?
- What exceptions to reporting exist under CIRCIA?
Faculty
Guillermo Christensen
Office Managing Partner
Ice Miller
Mr. Christensen combines his experience as a former CIA intelligence officer, a diplomat with the U.S. Department of... | Read More
Mr. Christensen combines his experience as a former CIA intelligence officer, a diplomat with the U.S. Department of State, and an attorney to shape and inform the advice he provides to clients on enterprise risks involving cybersecurity, national security and complex international business matters. He integrates his international investigation experience and technical knowledge to deal with the challenges of conducting information security risk assessments that take a “whole of company” approach to managing responses to security incidents and breaches, including those where a nation-state or insider threat may be involved. Drawing on his national security background, Mr. Christensen also counsels clients in dealing with economic sanctions and embargoes administered by the Office of Foreign Assets Control (OFAC), including complex technology matters involving China or fast moving compliance questions around ransomware payments.
Close
Shardul Desai
Partner
Holland & Knight
Mr. Desai is a cybersecurity, data privacy, and white collar defense and government investigations attorney. He has... | Read More
Mr. Desai is a cybersecurity, data privacy, and white collar defense and government investigations attorney. He has extensive experience in handling cyber intrusions and data breaches, trade secret thefts, emerging technology matters and complex white collar investigations. With a computer science and physics background, Mr. Desai is highly skilled and knowledgeable to advise companies on novel issues at the intersection of law, technology and data privacy. He is also a Certified Information Privacy Professional in the United States (CIPP/US) with the International Association of Privacy Professionals (IAPP). Mr. Desai is a former federal prosecutor in the Cyber and National Security Section and the Economic Crimes Section at the U.S. Attorney's Office for the Western District of Pennsylvania.
Close
Christopher K. Jones
Counsel
Sands Anderson
Working with corporations of all sizes, as well as insurers and their insureds, Mr. Jones handles the litigation needs... | Read More
Working with corporations of all sizes, as well as insurers and their insureds, Mr. Jones handles the litigation needs of his clients from the claims stage through to litigation. He is experienced with a variety of matters, including privacy and data security. Mr. Jones also works with clients to avoid the pitfalls of litigation altogether by managing risk and implementing privacy plans that fit their unique needs. He is a frequent author and lecturer on many aspects of the law.
Close