(US) How the Senate’s new cybersecurity legislation could affect your business

A new piece of legislation could mean more transparent reporting of cyberattacks as well as increased security measures to keep organizations safe.

The Senate passed a piece of legislation on Tuesday, detailing new cybersecurity measures that would force businesses to report cyberattacks and ransomware payments. The Strengthening American Cybersecurity Act aims to continue the Biden administration’s effort to make both the public and private sectors better defended online. With the act passing through the Senate, it will now head to the House for voting.

The act, composed of three separate bills, would require critical infrastructure organizations to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a substantial cyberattack. In addition, those who make ransomware payments would be required to report the incident to CISA within 24 hours. The 200-page act’s main goal is to update the federal government’s cybersecurity posture in response to the United States’ support of Ukraine in its war with Russia.

“Since the Colonial Pipeline ransomware attack, the government has been in a reactionary course to pass legislation relating to cybersecurity to protect various private supply chains that impact the critical infrastructure of the United States,” said James McQuiggan, security awareness advocate at KnowBe4. “However, what is yet to be determined is the specific incidents that organizations will need to report, the timeframe required, in other words, the time from when the organizations classify an event as an incident, and which types of incidents. Regarding ransomware attacks, will it be based on a dollar amount or system impacted amount? CISA has to develop these requirements, but it will require organizations to shift their incident handling procedures to address the new laws set forth.”

The move towards cloud-based technologies was another focus of the act after several ransomware attacks, as the legislation attempts to streamline how critical infrastructure operators and the government respond to cyberattacks moving forward.

The industries most affected by the potential passing of this bill are as follows:

  • Chemicals
  • Commercial facilities (hotels, arenas, convention centers, commercial real estate)
  • Communications
  • Critical manufacturing (machinery, electrical equipment, transportation equipment)
  • Dams
  • Defense industrial bases
  • Emergency services
  • Energy
  • Financial services
  • Food & agriculture
  • Government
  • Healthcare
  • Information technology
  • Nuclear reactors
  • Transportation
  • Water and wastewater systems

How does this affect businesses?

One example of an industry that could be affected by the passing of this bill is the energy market. Businesses in this sector have already seen the potential effects of a cyberattack in the Colonial Pipeline attack last May. In that attack, a hacker group used ransomware to extort cryptocurrency from the Colonial Pipeline Company, which paid a ransom of $4.4 million in exchange for regaining control of the pipeline.

Another factor is the effect on businesses further down the supply chain, not just on the enterprise that suffers the attack. In the Colonial Pipeline hack, the pipeline and its operator were not the only ones to feel the effects: businesses further down the supply chain, such as gas stations and airports, were affected by the lack of oil from the pipeline.

As highlighted by McQuiggan, another aspect that businesses must consider is what constitutes a “substantial” cyberattack as outlined in the act. With a more robust reporting process, there will be an increase in the number of cyberattacks reported by the media, says Paul Furtado, senior research director at Gartner.

“The bill applies to federal civilian agencies and industries deemed to be critical infrastructure. Critical infrastructure industries make up a large percentage of the US economy,” said Furtado. “The bill impacts these organizations regardless of size or revenue. Once the bill is passed into law we may see a surge of ransomware incidents reported in the media. People need to understand that the wave of new reports doesn’t mean we are under a greater volume of attacks, but rather will highlight the fact of how many of these attacks historically have gone unreported.”

To help address this, Furtado says that enhancing the scale and detail of responses to attacks to meet the new governmental requirements will be key, along with intense monitoring of systems to prevent potential and future attacks.

“CIOs and security leaders will need to update existing incident response plans to reflect the new reporting requirements,” Furtado said. “Additionally, executive management needs to be educated on the new legislation and the impact to the business should they be the victim of a ransomware attack. Outside of the additional regulatory notification requirements, companies should continue to implement [constant] security monitoring and preventative tools to mitigate the risk of ransomware taking hold in their organization.”

With many different industries potentially falling under this new bill, many organizations will want to strengthen not only their security protocols to prevent attacks, but also their reporting systems to comply with the bill.

