Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Strengthening American Cybersecurity Act of 2022 Overview:
- Who: President Joe Biden signed into law a federal cyberattack reporting requirement aimed at protecting critical infrastructure in the United States.
- Why: There have been a growing number of cyberattacks on critical infrastructure, and the senators say the law will help strengthen the nation’s cybersecurity.
- Where: Biden signed the law in Washington, D.C.
The United States has a new law aimed at protecting critical infrastructure from cyberattacks.
On Mar. 15, President Joe Biden signed into law a new federal cyberattack reporting requirement that will require operators of critical infrastructure to report cybersecurity episodes within 72 hours of them happening.
The Strengthening American Cybersecurity Act of 2022 was created to strengthen U.S. cyberdefenses and increase the power of agencies investigating cybersecurity incidents.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 is a part of the new law that focuses on how critical infrastructure organizations must report cyberattacks to the federal government.
The new law requires critical infrastructure owners and operators, including certain businesses in the chemical, energy, manufacturing, telecommunications and other sectors, to report to the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security, within 72 hours if they experience a substantial cyberattack.
The law also requires critical infrastructure owners and operators to report if they had made ransomware payments to hackers to CISA within 24 hours.
The latest law is the first time the federal legislature has taken steps to mandate that critical infrastructure providers, mostly private enterprises, be more transparent with the government about the cyber threats they’re facing.
CISA will be tasked with fielding reports from the providers about “substantial” cyber incidents that comprise information systems or disrupt business operations, reviewing this data and disseminating it to “appropriate” federal agencies and private sector stakeholders.
Cyberattacks Increase in U.S.
The move comes as federal lawmakers push to protect the United States against increasingly prevalent threats from nation states like Russia and China.
An October cybersecurity report from Microsoft found Moscow-linked hacking groups are now increasingly targeting United States government organizations with government targets accounting for more than half of their targets for the year through June 2021, compared to just 3% the previous year.
The news comes as the Colonial Pipeline Company faces a lawsuit lodged by consumers and businesses after it had to shut down its pipeline due to a Russian cyberattack in May 2021.
The attack was perpetrated by a Russian hacking group that demanded a ransom after it allegedly gained access into Colonial’s systems. Colonial ultimately paid the hackers $4.4 million to end the assault, in addition to shutting down the pipeline serving vast swaths of the Eastern Seaboard for a time.
If you were affected by a data breach, you might be eligible to join or file a class action lawsuit. Lawyers are currently investigating recent data breaches nationwide and the impact that they’ve had on Americans (links to paid attorney content).
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- Data Breach at Georgia Healthcare Network Exposed 1.4M, Says Class Action Lawsuit
- Class Action Alleging Southwest Sold Tickets on Dangerously Faulty Boeing Planes Is Certified
- Scripps Health Hit With Another Class Action for Data Breach Affecting 147K Patients
- FBI Says It Needs Americans’ Help, Asks Congress to Make Ransomware Reporting Mandatory