Recent high-profile ransomware attacks show that ransomware remains a growing threat to the American economy. Moreover, the possibility of more assaults has increased with Russia’s invasion of Ukraine.
The Strengthening American Cybersecurity Act of 2022 unanimously passed in the US Senate on March 1. The Act, S. 3600, requires critical infrastructure companies to alert the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a cyberattack on essential infrastructure facilities like ports, hospitals, and power plants. Additionally, ransomware payments need reporting within 24 hours.
Impact of The Legislation on Cybercrime
According to a report from Politico, some people in the administration had doubts about the bill as drafted, pointing to serious flaws. For example, Deputy Attorney General Lisa Monaco is quoted in the article as saying, “This bill as drafted leaves one of our best tools, the FBI, on the sidelines and makes us less safe when we face unprecedented threats.”
Despite what many are saying, this Fortune commentary says that bipartisan leaders feel the bill will give the federal government better visibility, allowing it to disrupt malicious cyber campaigns faster thanks to the information received. The private sector will also have quicker access to information to prepare itself for future attacks.
The legislation requires that companies have a compliance plan in place, and the sooner they do, the better.
7 Reasons Why Revision of Cybersecurity Legislation is Necessary
Despite the good intentions of the act, there remain reasons why cybersecurity legislation requires revising.
1. Growing Threats and User Vulnerabilities
No private company or public enterprise can deem itself safe from cyber attacks. The various attacks include phishing, malware, man-in-the-middle, drive-by attacks, and crypto-jacking, which steals digital currencies through access to enterprise computers. As a result, data is susceptible, and legislation can help prevent future threats.
Advances in information and communication technology mean that cybercriminals have more opportunities, exposing businesses to cyber threats.
2. Increasing Cybercrimes
Cybercrimes are easier than ever to commit, thanks to the more than 22 billion networked devices worldwide, a result of faster broadband and cloud computing. Increasingly, the dark web provides a foothold for cybercrime activities. Cybersecurity legislation helps minimize the risk of exposure with speedier reporting.
3. Economic Fallout
Studies indicate the average cost of cybercrimes will reach 10.5 trillion globally by 2025. These include information breaches, often involving financial information, health records, trade secrets, intellectual property, and personal data. Spending on cyber security and reporting can help save a fortune.
4. Reputational Damage and Saving Credibility
Cyber attacks lead to reputational damage that remains difficult to reverse. Faster reporting and action mean that companies have a better chance of protecting themselves and their consumers from potential cybercrimes. Corrupted computer systems cause viruses to spread across whole networks, endangering complete systems and files. The damage is usually massive, requiring millions to correct, never mind fixing credibility issues afterward.
5. Cloud Storage Protection
Cloud storage is vital for companies and government entities today because it allows faster access for employees, especially those working remotely. Unfortunately, companies are not the only ones vulnerable: everyone uses the cloud for storing sensitive information, leaving them open to cybercriminals.
6. Saving Money
Data breaches are expensive (see this Legalscoops report on the Class Action Lawsuit filed against Partnership Health), and data breach laws require regulatory fines or even sanctions for companies that don’t comply. Currently, the Act doesn’t provide for penalties for inadequate reports submitted, but subpoenas will follow if companies don’t provide requested information after a cyber attack. Mitigating threats through training and the legislated cybersecurity framework reduces risks and saves money long-term.
7. Protection From The Dark Web
The dark web follows the growth and development of technology. Here one finds a secret collaboration of sites that hide activities, particularly illegal ones, anonymously and privately through secret browsers. Unfortunately, the dark web has reached levels of sophistication that make it easier to pierce cyber security, making sophisticated legislation vital.
All these threats require clear legislation, ensuring more than the 72-hour window for reporting cyberattacks. Companies need to investigate the attack, reconcile their damage, and plan its resolution within this time. First, however, the law requires clarity on which incidents require reporting, ensuring transparency and allowing companies a faster return to their normal activities.
Furthermore, these reports need to reach all agencies simultaneously, including the FBI, avoiding multiple reporting chains that waste time. The Strengthening American Cybersecurity Act is the first step; the impact of its clarity and guidance remains to be seen, and it may lead to further legislation.