What CIOs need to know about the newly proposed Critical Infrastructure Cyber Incident Reporting Rule

Creating a world that is safer and more secure is core to our vision at Palo Alto Networks, but this only can be achieved if we’re collectively making the internet, as a whole, safer. To do this requires more widespread awareness of cyber threats and information sharing, and a newly proposed cyber incident reporting rule from the Cybersecurity and Infrastructure Security Agency (“CISA”) is intended to meet this goal.The proposed Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements would require covered companies to report certain cyber incidents within 72 hours of discovery and ransomware attack payments within 24 hours. It marks a major shift in the US cyber ecosystem because of how expansive the proposed rule is, extending reporting obligations to previously non-regulated entities.While the rule applies to companies deemed “critical infrastructure”– many companies may be surprised to learn that this designation extends beyond traditional “owners an...