
New U.S. Reporting Requirements for Cyber Incidents – Are You Prepared?

March 24, 2022


The passing of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 creates significant new obligations for “covered entities” to report cybersecurity incidents and ransom payments to the U.S. government. Read on to learn how Arkose Labs can help businesses remain compliant with the new law.

This month, lawmakers in the United States passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act). As part of the broader 2022 Consolidated Appropriations Act, the Act aims to bolster the federal government’s visibility into cyber attacks on critical infrastructure in the country.

The passing of the Act creates significant new obligations for companies that fall under the law’s purview to report cybersecurity incidents and ransom payments to the U.S. government via the Cybersecurity & Infrastructure Security Agency (CISA). Specifically, the Act requires a “covered entity” to report cyber incidents to CISA within 72 hours of its reasonable belief that a cyber incident has occurred. Further, in case of paying any ransom in connection with a ransomware attack, a covered entity must disclose the details to CISA within 24 hours of making the payment.

Obligations apply to “covered entities” in a critical infrastructure sector

It’s important to note that these new obligations apply to “covered entities,” which according to the Act are entities “in a critical infrastructure sector” that meet a set of criteria to be specified in CISA’s final rule. That final rule scoping out the definition of “covered entities” must be issued for comment within two years and is to consider the following factors:

(1) the consequences to national or economic security, or public health and safety, caused by a compromise of or disruption to the entity,

(2) the likelihood of the entity being targeted by a malicious cyber actor, and

(3) the potential of an attack on the entity to disrupt the reliable operation of U.S. critical infrastructure.

The Act further empowers CISA to issue subpoenas for information about a cyber incident or ransomware payment if a covered entity fails to report the incident and further does not respond to CISA’s requests for information. Moreover, CISA can ultimately refer a covered entity that fails to report under the Act to the U.S. Office of the Attorney General for a regulatory enforcement action or criminal prosecution.

Importantly, the Act makes clear that covered entities may leverage the support of third-party vendors to satisfy the new obligations, including the preparation and submission of cyber incident and/or ransom payment reports to CISA. 

Why Arkose Labs is the vendor-of-choice

When thinking about how covered entities will need to comply with the Act, we at Arkose Labs believe it is more important than ever before for companies to consider the capabilities of third-party vendors they partner with to prevent online fraud on their platforms.

A key feature of Arkose Labs’ premier managed services tier of professional services is our ability to deliver proactive risk management support to our customers. We provide 24/7 monitoring as part of our overall fraud prevention platform. With the managed services tier of professional services in place, Arkose Labs can proactively monitor and identify unusual traffic on our customers’ platforms. These insights provide alerts based on those patterns to help our customers with fraud prevention before any fraudulent activity gets out of control.

Arkose Labs’ service offering helps businesses identify and prevent attempts at unauthorized breaches of their online platforms with lasting effect. In this capacity, our goal is to place our customers in a position of visibility and control over the integrity of their online properties, which helps them to avoid situations where they would have to submit a cyber incident or ransom payment report to CISA within the accelerated timeframes noted above.

Businesses must consider the aforementioned features when looking to partner with a third-party vendor. To learn how Arkose Labs provides businesses with proactive risk management tools to root out fraudulent activity on their platforms and remain compliant with prevalent regulations, please book a demo now.

Disclaimer: The information provided in this post does not, and is not intended to, constitute legal advice or advertising. All information made available in this post is for general informational purposes only, and may not constitute the most up-to-date information. This post contains links to other third-party websites for the convenience of the reader. Arkose Labs does not recommend or endorse the contents of third-party websites.

All liability with respect to actions taken or not taken based on the contents of this post is hereby expressly disclaimed. The content in this post is provided "as is;" no representations are made that the content is error-free.