David Tutin
August 24, 2022

US cybersecurity breach rules – what’s new in 2022?

Cybersecurity breaches are severe and continue to make the headlines. Governments the world over are accelerating the rollout of new rules and regulations in an effort to prevent and mitigate the damaging attacks seen on a regular basis.

In the US, for example, 2022 has seen the implementation of a range of new laws, including those set in motion by the Presidential Executive Order signed in May last year. Among a range of priorities, the EO set out the need for urgent and significant progress, stating: “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments.”

So, what changes have come into force this year, that update and broaden cybersecurity regulatory requirements in the US?

Back in March, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law, marking what CISA called “an important milestone in improving America’s cybersecurity”. The Act empowers CISA to develop and implement regulations requiring organizations to report covered cyber incidents and ransomware payments. As CISA puts it, “These reports will allow CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.”

In May, banks became subject to a 36-hour notification deadline, during which they must report security incidents to regulators. According to the Federal Deposit Insurance Corporation (FDIC), qualifying incidents can include:

  1. Large-scale distributed denial of service attacks that disrupt customer account access for an extended period of time (e.g., more than 4 hours);
  2. A bank service provider that is used by a banking organization for its core banking platform to operate business applications is experiencing widespread system outages and recovery time is undeterminable;
  3. A failed system upgrade or change that results in widespread user outages for customers and banking organization employees;
  4. An unrecoverable system failure that results in activation of a banking organization’s business continuity or disaster recovery plan;
  5. A computer hacking incident that disables banking operations for an extended period of time;
  6. Malware on a banking organization’s network that poses an imminent threat to the banking organization’s core business lines or critical operations or that requires the banking organization to disengage any compromised products or information systems that support the banking organization’s core business lines or critical operations from internet-based network connections;
  7. A ransom malware attack that encrypts a core banking system or backup data.

While this list isn’t an exhaustive set of scenarios that should trigger a notification, it does underline some key areas of concern that could equally apply across many other organizations in both the private and public sectors.

Also new this year, President Biden signed bills into law that aim to strengthen the federal cyber workforce and foster collaboration across all levels of government. This was a key objective set out in the 2021 Executive Order and also represented an important bipartisan effort to boost coordination between CISA, state and local governments (among other relevant authorities). Under The State and Local Government Cybersecurity Act, for instance, these organizations will be able to share security tools, procedures, and information more easily.

In addition, the Federal Rotational Cyber Workforce Program Act of 2021 came into force at the same time this year. This enables US government employees working across IT, cybersecurity, and other related job functions to rotate through roles on a cross-agency basis. This is designed to help professionals build new skills and experience in the complex and rapidly changing cybersecurity ecosystem.

Delivering proactive cybersecurity protection

Looking at the risks facing the public sector in particular, the practical steps taken to bring these commitments to life must also focus on the ability of Federal Agencies to deliver zero-trust cybersecurity protection. Of particular concern for anyone working in government, for example, should be the protection of files and documents, created and shared in their millions between organizations and their teams every day.

While most organizations understand the need to defeat malware and ransomware, the vast majority rely on a reactive response based on well-established antivirus and sandboxing technologies to protect their valuable files and everything they contain.

These technologies are key to any holistic cybersecurity strategy, but the problem is that nearly 70% of malware found embedded within files is of an unknown variant when it is received, effectively making it invisible to these reactive cybersecurity technologies. That represents a major gap in protection and a potentially catastrophic security blindspot.

Instead, Content Disarm and Reconstruction (CDR) delivers zero-trust file protection that doesn’t wait for detection. Glasswall’s CDR platform instantly cleans and rebuilds files and documents to match their ‘known good’ manufacturer’s standard, removing potential threats.

Trusted by government organizations and security services throughout the world, Glasswall CDR is rapidly gaining acceptance among security teams focused on preventing the risks posed by file-based threats.  Learn more about Glasswall CDR.

Book a demo

Talk to us about our industry-leading CDR solutions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.