Top US Cyber Agency Pushing Toward First Hack Reporting Rule

Many of the existing 52 enacted or proposed federal cybersecurity breach reporting requirements are sector-specific, making CISA’s approach markedly different as it positions itself as an industry-friendly agency, said Justin Herring, a partner at Mayer Brown LLP and former cybersecurity regulator with the New York State Department of Financial Services.

“At least with respect to notification and the requirements to reporting, this will be the most cross-industry rule that I can think of, definitely at the federal level, and that will give them an opportunity to create rules like this for industries that don’t have a close regulator,” said Herring. But CISA’s powers as a regulator aren’t fully fleshed out, he said, because it can’t yet prescribe security measures, instead relying on enforcement referrals to the Department of Justice.

“This may be the first baby step towards CISA taking on those kinds of regulatory powers,” Herring said.

Contacts

Associé
Justin Herring
- New York +1 212 506 2878
jherring@mayerbrown.com

Voir tout

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.

Subscribe

Contacts

Related Content

DOJ and FBI Announce Guidance on Seeking Delays in SEC 8-K Filings for Cyber Incidents

Software Security: Recent Policy Actions Highlight Importance of Mitigating Legal Risks

What Boards Need to Know Regarding the Forthcoming Artificial Intelligence Related Legal Frameworks and What They Can Do to Prepare

Stay Up To Date With Our Insights