Cybercrime is on the rise in the United States. With increases of hundreds of precents and an estimated $590 million dollars paid out in attacks in the first half of the year alone, the threat is growing exponentially, and effecting American businesses. After a massive attack on the Colonial Pipeline which caused a brief gas shortage and other attacks on infrastructure by foreign actors, many wondered when our government would act. Currently there is legislation on the table which we will explore in this article.

 

The first of these bills has to do with compliance, specifically how long a company has to report a critical infrastructure attack. While CISA (Cybersecurity and Infrastructure Security Agency) has asked for flexibility, definite timelines being propose. There are three bills that have been introduced with this at the helm. In the Senate the two competing bills have a 24 and a 72 hour limit on reporting respectively. Critics have claimed that the 24 hour bill doesn't give organizations sufficient response time and takes away needed manpower. In the House, the bill calls for a 72 hour minimum and creates a Cyber Incident Review Board where critical infrastructure organizations must report to.

 

These are all being proposed to be added to the final draft of the Defense Authorization Bill. Also included in the House version of the bill is a change to the CISA directors assignment. It would make them a non-political 5 year appointee, similar to other intelligence agencies. The bill earmarks $500 million in cyber-security grants at the state and local levels. Further, it includes authorization for incentives for the cyber-security industry to find and report vulnerabilities as well as will implement a cloud based system of information sharing related to cybercrime for government officials.

 

The Senate has additional earmarks including $21 million dollars in discretionary spending to the CISA head. It allows for the Department of Homeland Security to step in and provide funds and aid in the case of a significant, devastating attack. The Senate has also set the state and local grant to a billion dollars in their version.

 

These changes can affect businesses that fall under the broad designation of infrastructure. Currently there are over one hundred compliance laws that have been passed in the last year alone between the local and the federal level, on top of the existing compliance laws on the books. While these laws vary by industry, one thing is the same across the board, the fines that come with violating these laws, while varying in amount are constant. Adding a federal mandate would also add a criminal element to not reporting these violations properly.

All this regulation may seem like a lot. However there is a bright spot. Reporting of cyber attacks is up over 60% from 2020. This allows for these attacks and those who carry them out are studied and documented. This allows for companies to strengthen software, create updates that patch vulnerable holes in the network, and cyber security experts such as Delval Technology Solutions to be even better adapt at preventing these attacks.

The fact is, if you are reading this, chances are you aren't a compliance expert. You are an expert in your field, running your business with all of the peaks and valleys that come with it.  The best thing you can do, no matter what the outcome of these defense bills, is to partner up with experts.

Having an MSP, like your friends at Delval Technology Solutions, by your side gives you access to experts. These experts follow the trends, in security and compliance,  to make sure you stay on the right side of regulation. On top of that you get someone monitoring your network, protecting your endpoints, and helping you make sure that your network and your business are protected. You will have a plan that allows you to be prepared if you ever are attacked while working with a partner working hard to ensure you never are. They even train your staff to ensure that everyone in your organization knows what to be on the lookout for.