The U.S. is moving closer to enforcing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which mandates critical infrastructure entities to report significant cyber incidents within 72 hours and ransom payments within 24 hours, aiming to bolster national security and public safety. These regulations are designed to enable a more coordinated response to cyber threats, allowing for the rapid deployment of assistance and sharing of threat information across sectors to prevent further attacks. While the rule aims to protect and strengthen critical infrastructure against digital threats, concerns have been raised about the additional compliance burdens it places on organizations, especially those with limited security personnel and resources. The industry is also encouraged to submit their feedback during a 60-day public commentary period before the regulations are finalized.
