New US Cybersecurity Laws – Will UK Follow Suit? - Talion

The threat of potential cyber attacks against critical infrastructure within the US is on the rise.

There are warnings of Russia engaging in malicious cyber activity as a result of the economic sanctions imposed by America on their country.

It’s more important than ever that governments take action, such as introducing new legislation to strengthen defences and promoting awareness of ransomware among their peers.


What is the new cybersecurity legislation in the US?

As of March 1st, the United States Senate passed the Strengthening American Cybersecurity Act of 2022 – a new legal requirement for critical infrastructure companies to report cyber-incidents and ransom payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Cyber incidents must be disclosed within 72 hours of occurrence, and ransom payments reported within 24 hours of payment. Suspected non-compliance may lead to referral to the US Department of Justice.


What companies will be covered?

The Act defines “covered entities” based on the following factors:

(A) the consequences that disruption to or compromise of such an entity could cause to national security, economic security, or public health and safety.

(B) the likelihood that such an entity may be targeted by a malicious cyber actor, including a foreign country.

(C) the extent to which damage, disruption, or unauthorised access to such an entity, including the accessing of sensitive cybersecurity vulnerability information or penetration testing tools or techniques, will likely enable the disruption of the reliable operation of critical infrastructure.

This includes sectors ranging from chemical, emergency services and energy, to food and agriculture, information technology and transportation systems.


What types of ransom payments are covered?

The Act covers ransomware reporting beyond the traditional attacks; it includes the use, or threatened use, of unauthorised malicious code, denial of service attacks, and any other mechanism designed to disrupt the operations of an entity’s information system. Any payment made to avoid the loss of confidentiality, availability or integrity of data (whether actual or threatened) counts as a ransom payment.


What should the ransom report include?

A ransom payment report must include the following:

  • A description of the attack, including estimated date range of the attack
  • A description of the vulnerabilities, tactics, techniques, and procedures used to perpetrate the ransomware attack
  • Any identifying or contact information related to each actor reasonably believed to be responsible for the ransomware attack
  • The name and other information that clearly identifies the covered entity that made the ransom payment or on whose behalf the payment was made
  • Contact information for the covered entity or an authorised agent of the entity
  • The date of the ransom payment
  • The ransom payment demand, including the type of virtual currency or other commodity requested
  • The ransom payment instructions
  • The amount of the ransom payment

For more information regarding general cyber incidents, alongside ransomware, see here.


CISA’s Shields Up Campaign

CISA is warning organisations, both large and small, to prepare to respond to disruptive cyber incidents, protecting US critical infrastructure and avoiding the need to report an incident to the government in the first place.

With the launch of its Shields Up Campaign, CISA has shared free cybersecurity services and tools to assist organisations that may find it challenging to identify what they need for urgent security improvements.

You can access these free resources here.


Will the UK follow suit?

The UK Government currently has an open consultation on its proposal to reform existing UK cybersecurity legislation, with a National Cyber Strategy 2022 policy paper available to view.

The proposal consists of three pillars:

  • broadening the scope of the existing UK cyber security framework
  • modernising the NIS Regulations
  • introducing standards for cyber security professionals

The reform is still in its early days, so with enhanced cyber security legislation arriving in the EU and US, the question is whether it will prompt any change in the UK.


#RansomAware

Whilst reporting cyber-incidents and ransom payments is now becoming a legal requirement in many regions, there is a greater incentive for organisations to share their experiences and encourage others to do the same. By doing so, we can remind others to report disruptive attacks where necessary and support the government in setting out future measures to reduce the impact.

Our #RansomAware LinkedIn group is an opportunity to get involved if you’re interested – share relevant articles, express your opinion, and get updates on what’s topical in the ransomware space.

We hope to see you there.

Filed in Blog, by Talion. 0 comments