What Is CIRCIA and How Does This Cybersecurity Law Impact You?
What Is CIRCIA and How Does This Cybersecurity Law Impact You?
BY
CHRIS ODOGWU
PUBLISHED 5 DAYS AGO
The Cyber Incident Reporting for Critical Infrastructure Act seeks to beef up cybersecurity in the US. Here's how.
Man Seated in the Office With a Laptop
Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.
If you are a victim of a robbery attack, reporting it to the police can get you the help you need. They have the resources to apprehend the people who attacked you and protect you from subsequent robberies.
A new cybersecurity law in the US called CIRCIA promises to offer the help you need after experiencing a cyber threat or attack. To get the most out of it, learn more about CIRCIA, its requirements, and how you can benefit from it.
What Is CIRCIA?
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a federal law mandating “covered entities” that deal with critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
If you encounter a cyberattack, you might want to share your experience with your security team or anyone else who can help prevent a recurrence. Until recently, sharing such information with a government agency was optional. CIRCIA now mandates organizations and chief information security officers (CISO) to report cyber incidents to CISA for a more secure cyber environment.
Signed into law by President Joe Biden in 2022, CIRCIA stipulates that you must report all cyber incidents not more than 72 hours after you become privy to them. Should you pay a ransom to attackers, you must report it within 24 hours.
What Does CIRCIA Consider a Cyber Incident?
Hacker in a Control Room
Before you make a report to CISA, you need to be sure that it qualifies as a cyber incident. In this context, a cyber incident refers to an illegal act that compromises a covered entity's system. The compromise could be in the form of a data breach, theft, exposure, etc.
But what exactly do “covered entities” mean? These are the organizations on CISA's list of designated critical infrastructure sectors, which includes communications, financial services, healthcare, and public health.
What Are the Requirements for Reporting Incidents Under CIRCIA?
As a new law, CIRCIA takes ideas from other cybersecurity laws like the Cybersecurity Information Sharing Act of 2015 and the Homeland Security Act of 2002 to formulate its policies. The requirements for reporting cyber incidents are as follows.
Covered Cyber Incident
Any incident you report under CIRCIA must be a “covered cyber incident”. This means a significant attack on the network or system of an organization or body that's in the critical infrastructure sector.
Substantial Cyber Incident
An incident qualifies as a substantial cyber incident when it has a substantial impact on the integrity, confidentiality, resiliency, and security of a covered entity's system. It’s also substantial when it disrupts their operations, network or system.
Malicious Intent
CISA points out that an incident is eligible for reporting when it was executed by the actor with malicious intent. Cyber incidents performed in good faith like ethical hacking to determine network conditions or prevent an intrusion don’t qualify.
Time Frame
CIRCIA demands that a covered entity reports a cyber incident within 74 hours following when they “reasonably believe” that such an incident has taken place on their system. Similarly, they must report any ransomware payment they make within 24 hours.
If you are reaching out to CISA, your report needs to contain certain key information about the cyber incident so they can offer the most assistance to you. Answering the following questions will guide you in providing the necessary information.
Where did the incident occur?
When did the incident occur?
What’s the nature of the incident?
How did the incident impact your operations?
What vulnerabilities did the incident exploit or escalate?
What techniques did the actor deploy for the incident?
How many systems or people were affected?
Have you informed anyone else about the incident?
What sector does your organization belong to?
How can CISA reach you for correspondence?
CISA states that all reports it receives are private, confidential, and admissible.
Who Does CIRCIA Affect?
People Seated in the Office
CIRCIA affects only covered entities. As mentioned earlier, covered entities are organizations or businesses in the critical infrastructure sectors, particularly the following 16 industries:
Chemical
Commercial Facilities
Communications
Critical Manufacturing
Dams
Defense Industrial Base
Emergency Services
Energy
Financial Services
Food and Agriculture
Government Facilities
Healthcare and Public Health
Information Technology
Nuclear Reactors, Materials and Waste
Transportation Systems
Water and Wastewater Systems
How Do You Report Cyber Incidents Under CIRCIA?
If you experience a cyber incident, you can report it to CISA by filling out a designated incident report form. The various sections of the form capture relevant information about the incident.
Alternatively, if you haven't already filled out the form, you can make your report via email by sending details of the incident to [email protected].
How Can You Benefit From CIRCIA?
Black Woman Smiling in the Office
Overcoming cybersecurity is a collective effort. The goal of CIRCIA is to create a more secure cybersecurity framework across the United States by helping organizations fight cyber threats and attacks. It offers you the following benefits.
Compliance With Regulatory Standards
Cybersecurity is bigger than one person or organization. This explains why governments enact laws to maintain decorum in cyberspace.
Abiding by CIRCIA's requirements puts you in the right standing with the law. Non-compliance with the law has a negative impact on your reputation and business. You could suffer sanctions, fines or outright shutdown.
Rapid Incident Response
An effective incident response plan can mitigate the most dangerous cyberattacks. As an authority in cybersecurity, CISA works with expert cybersecurity personnel who are readily available to help covered entities manage cyber incidents. Reporting cyber incidents accurately to them gives you access to their services. They can deploy the best resources in responding to the attack rapidly.
Increased Cybersecurity Awareness
Cybersecurity has been a problem for years, yet some people and organizations don’t give it the attention it deserves. CIRCIA not only demands that all covered entities report cyber incidents, but that they do so effectively. Meeting the reporting requirements requires some level of attention and dedication to cybersecurity, thereby increasing cybersecurity awareness.
When you cultivate a security culture to abide by CIRCIA’s requirements, you and your team will inadvertently acquire the knowledge and skills to secure your network better. At least, that is the hope.
Access Effective Cyber Incident Response With CIRCIA
Cybercriminals operate with the most sophisticated human and technical resources. People and organizations suffer severe damage from attackers because they lack the resources to push back.
CIRCIA gives covered entities access to high-level cybersecurity defenses that may ordinarily not be within their reach. Threat actors will likely then have a harder time executing and getting away with their attacks.
BY
CHRIS ODOGWU
PUBLISHED 5 DAYS AGO
The Cyber Incident Reporting for Critical Infrastructure Act seeks to beef up cybersecurity in the US. Here's how.
Man Seated in the Office With a Laptop
Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.
If you are a victim of a robbery attack, reporting it to the police can get you the help you need. They have the resources to apprehend the people who attacked you and protect you from subsequent robberies.
A new cybersecurity law in the US called CIRCIA promises to offer the help you need after experiencing a cyber threat or attack. To get the most out of it, learn more about CIRCIA, its requirements, and how you can benefit from it.
What Is CIRCIA?
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a federal law mandating “covered entities” that deal with critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
If you encounter a cyberattack, you might want to share your experience with your security team or anyone else who can help prevent a recurrence. Until recently, sharing such information with a government agency was optional. CIRCIA now mandates organizations and chief information security officers (CISO) to report cyber incidents to CISA for a more secure cyber environment.
Signed into law by President Joe Biden in 2022, CIRCIA stipulates that you must report all cyber incidents not more than 72 hours after you become privy to them. Should you pay a ransom to attackers, you must report it within 24 hours.
What Does CIRCIA Consider a Cyber Incident?
Hacker in a Control Room
Before you make a report to CISA, you need to be sure that it qualifies as a cyber incident. In this context, a cyber incident refers to an illegal act that compromises a covered entity's system. The compromise could be in the form of a data breach, theft, exposure, etc.
But what exactly do “covered entities” mean? These are the organizations on CISA's list of designated critical infrastructure sectors, which includes communications, financial services, healthcare, and public health.
What Are the Requirements for Reporting Incidents Under CIRCIA?
As a new law, CIRCIA takes ideas from other cybersecurity laws like the Cybersecurity Information Sharing Act of 2015 and the Homeland Security Act of 2002 to formulate its policies. The requirements for reporting cyber incidents are as follows.
Covered Cyber Incident
Any incident you report under CIRCIA must be a “covered cyber incident”. This means a significant attack on the network or system of an organization or body that's in the critical infrastructure sector.
Substantial Cyber Incident
An incident qualifies as a substantial cyber incident when it has a substantial impact on the integrity, confidentiality, resiliency, and security of a covered entity's system. It’s also substantial when it disrupts their operations, network or system.
Malicious Intent
CISA points out that an incident is eligible for reporting when it was executed by the actor with malicious intent. Cyber incidents performed in good faith like ethical hacking to determine network conditions or prevent an intrusion don’t qualify.
Time Frame
CIRCIA demands that a covered entity reports a cyber incident within 74 hours following when they “reasonably believe” that such an incident has taken place on their system. Similarly, they must report any ransomware payment they make within 24 hours.
If you are reaching out to CISA, your report needs to contain certain key information about the cyber incident so they can offer the most assistance to you. Answering the following questions will guide you in providing the necessary information.
Where did the incident occur?
When did the incident occur?
What’s the nature of the incident?
How did the incident impact your operations?
What vulnerabilities did the incident exploit or escalate?
What techniques did the actor deploy for the incident?
How many systems or people were affected?
Have you informed anyone else about the incident?
What sector does your organization belong to?
How can CISA reach you for correspondence?
CISA states that all reports it receives are private, confidential, and admissible.
Who Does CIRCIA Affect?
People Seated in the Office
CIRCIA affects only covered entities. As mentioned earlier, covered entities are organizations or businesses in the critical infrastructure sectors, particularly the following 16 industries:
Chemical
Commercial Facilities
Communications
Critical Manufacturing
Dams
Defense Industrial Base
Emergency Services
Energy
Financial Services
Food and Agriculture
Government Facilities
Healthcare and Public Health
Information Technology
Nuclear Reactors, Materials and Waste
Transportation Systems
Water and Wastewater Systems
How Do You Report Cyber Incidents Under CIRCIA?
If you experience a cyber incident, you can report it to CISA by filling out a designated incident report form. The various sections of the form capture relevant information about the incident.
Alternatively, if you haven't already filled out the form, you can make your report via email by sending details of the incident to [email protected].
How Can You Benefit From CIRCIA?
Black Woman Smiling in the Office
Overcoming cybersecurity is a collective effort. The goal of CIRCIA is to create a more secure cybersecurity framework across the United States by helping organizations fight cyber threats and attacks. It offers you the following benefits.
Compliance With Regulatory Standards
Cybersecurity is bigger than one person or organization. This explains why governments enact laws to maintain decorum in cyberspace.
Abiding by CIRCIA's requirements puts you in the right standing with the law. Non-compliance with the law has a negative impact on your reputation and business. You could suffer sanctions, fines or outright shutdown.
Rapid Incident Response
An effective incident response plan can mitigate the most dangerous cyberattacks. As an authority in cybersecurity, CISA works with expert cybersecurity personnel who are readily available to help covered entities manage cyber incidents. Reporting cyber incidents accurately to them gives you access to their services. They can deploy the best resources in responding to the attack rapidly.
Increased Cybersecurity Awareness
Cybersecurity has been a problem for years, yet some people and organizations don’t give it the attention it deserves. CIRCIA not only demands that all covered entities report cyber incidents, but that they do so effectively. Meeting the reporting requirements requires some level of attention and dedication to cybersecurity, thereby increasing cybersecurity awareness.
When you cultivate a security culture to abide by CIRCIA’s requirements, you and your team will inadvertently acquire the knowledge and skills to secure your network better. At least, that is the hope.
Access Effective Cyber Incident Response With CIRCIA
Cybercriminals operate with the most sophisticated human and technical resources. People and organizations suffer severe damage from attackers because they lack the resources to push back.
CIRCIA gives covered entities access to high-level cybersecurity defenses that may ordinarily not be within their reach. Threat actors will likely then have a harder time executing and getting away with their attacks.
