Building a safer and more secure world is at the core of Palo Alto Networks' vision, but we can only achieve this by working together to make the entire Internet safer. Achieving this requires broader awareness of cyber threats and information sharing, and the Cybersecurity and Infrastructure Security Agency's (“CISA”) new proposed cyber incident reporting rules will accomplish this goal. The purpose is that.
The proposed Critical Infrastructure Cyber Incident Reporting Act (CIRCIA) reporting requirements would require covered companies to report certain cyber incidents within 72 hours of discovery and pay for ransomware attacks within 24 hours. Reporting is required. This represents a major change in the U.S. cyber ecosystem, as the proposed rule is so broad that it extends reporting requirements to previously unregulated entities.
Although the rule applies to companies deemed to be “critical infrastructure,” many companies believe this designation extends beyond traditional “owner-operators” such as shipping ports, dams, water treatment facilities, and power plants. You might be surprised to find out what you do. In fact, CISA's proposed rules include any entity other than a “small business” operating within 16 different sectors, covering a wide range of industries across the economy, from telecommunications to health care, food, agriculture, and more. Additional organizations would also be covered under certain criteria described in the proposed rule. This new rule will affect a huge number of businesses. In fact, CISA estimates that the proposed rule would cover more than 316,000 organizations across the economy. Given the vast scope of this proposed proposal, it would impose new responsibilities to report incidents related to cybersecurity operations that could impact businesses.
The proposed new guidelines would require companies to report these “qualified cyber incidents” within 72 hours (or within 24 hours of ransomware payment). Eligible cyber incidents are “severe” and impact data integrity, confidentiality, and availability, such as data breaches where large amounts of customer data are stolen or ransomware attacks that lock down corporate systems until payment is made. should reflect the specific scenario in which it affects you. These are just two examples of situations that would be covered by the proposed rule.
Part of the goal of this proposal is to find patterns, inform others of possible risks, and provide timely assistance to affected businesses. The proposed rule also calls for certain protections for those who comply and consequences for those who do not.
This proposal is still in its early stages and may evolve in several ways before it is finalized. As it stands, the proposed rules are very broad and would impact a wide range of organizations. The cybersecurity regulatory landscape continues to evolve, and CIRCIA's incident reporting requirements are just one of many new regulations that organizations must comply with. We anticipate that this increased pressure may translate into demand for cybersecurity solutions that can better achieve compliance by simplifying the process of identifying and responding to cyber incidents.
Protecting critical infrastructure
This highlights the importance of investing more than ever in advanced security platforms to meet security challenges while quickly and efficiently responding to evolving regulatory requirements. This may include:
- Implement comprehensive security measures to ensure visibility into your assets and risk exposure. Use it for continuous monitoring and inspection for malicious activity and anomalies.
- Leverage AI-driven automation tools to support security operations to investigate, respond to, and remediate threats. These tools also exist for data classification, which automates the classification of documents, including sensitivity level, and increases protection against data leakage.
- Consider where you can reduce operational complexity to build more reporting capacity. This includes streamlining the cybersecurity tools you use and empowering your teams with AI technology.
- Consider how to build cybersecurity into your business by design, rather than patching solutions as an afterthought. Having a clear picture of your vulnerabilities and weaknesses will help you figure out where to prioritize those efforts.
- As more information about incidents becomes public, you will be better equipped to transparently address cyber risks for your business.
As governments around the world continue to develop regulatory requirements targeting cybersecurity protection and incident reporting, the best way to be prepared is through a platform approach. We simplify your efforts by creating a unified, AI-powered user experience, giving you an “all-access backstage pass” to see your entire cybersecurity ecosystem in one place. This creates interoperability between security solutions and improves visibility and control of your security infrastructure. It also provides unified management and operations, allowing you to create policies from one place and consistently enforce them anywhere through rapid cloud-based deployment. Essentially, it's a comprehensive solution that brings all your data together with a unified approach to reporting, ready for whatever rules come your way.
This level of integration is also key to creating better security outcomes. The industry standard must be near real-time resolution, as there is a growing discrepancy between the speed of attack and speed of resolution. This is difficult, if not impossible, for companies that stitch together numerous security products. Reducing operational complexity by streamlining the number of tools and vendors makes it easier to manage your environment, maintain regulatory compliance, and quickly identify and respond to risks, resulting in better security outcomes. .
One thing is for sure: cybersecurity is not static, and neither are regulatory requirements. The most innovative and adaptive companies will thrive in this environment.
Learn more about.
