HomeCyber BalkansRuling by US Supreme Court expected to result in chaos in cyber...

Ruling by US Supreme Court expected to result in chaos in cyber regulation

Published on

spot_img

In 2023, the US Securities and Exchange Commission (SEC) adopted rules mandating registrants to disclose any material cybersecurity incidents within four days of determining their importance. Additionally, companies were required to reveal material information regarding their cybersecurity risk management, strategy, and governance on an annual basis. The regulations were implemented despite the fact that the Securities and Securities Exchange Acts, upon which the SEC based its rules, did not directly mention cybersecurity.

On the FCC front, in 2023, the US Federal Communications Commission (FCC) modified and reinforced its data breach notification rules for communications providers to safeguard against unauthorized use or disclosure of customer data. By issuing updated regulations, the FCC significantly amplified its enforcement authority under the Communications Act, which specifically addressed protections for customer proprietary network information (CPNI) and not the broader spectrum of customer data covered in the Commission’s rules.

Moving on to the US Cybersecurity and Infrastructure Security Agency (CISA), in April 2024, it put forth a proposal to adopt the cyber incident reporting requirements established under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The finalization of this rule is not expected until 2025. Throughout the development of this rulemaking, CISA had to interpret CIRCIA in a broader context to effectively implement the reporting requirements.

These regulatory developments mark significant progress in enhancing cybersecurity measures and ensuring the prompt reporting of cyber incidents. By enforcing stricter reporting guidelines and expanding regulatory authority, these agencies aim to improve data protection and bolster cybersecurity resilience in the face of evolving digital threats.

Overall, these regulatory changes signify a shift towards a more proactive approach to cybersecurity governance and risk management. Companies and organizations are now held to higher standards of transparency and accountability when it comes to managing and reporting cybersecurity incidents, reflecting the growing importance of cybersecurity in today’s interconnected digital landscape.

Source link

Latest articles

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker; Lawyers Claim Misidentification

Armenian authorities have detained a Russian national named Aleksandr Ermakov at the request of...

SANS Highlights AI Governance Gap Amid Rising Security Team Usage

AI Integration in Cybersecurity: Balancing Confidence with Deployment Challenges In recent developments within the cybersecurity...

AI Has Evolved from Assistant to Operator, Warns Check Point Research

AI's Evolving Role in Cyberattacks: Insights from Check Point Research's Annual Security Report Check Point...

CISA Includes FortiSandbox Vulnerabilities in KEV Catalog

Incident & Breach Response, Security Operations Agencies Have Until Sunday to Patch...

More like this

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker; Lawyers Claim Misidentification

Armenian authorities have detained a Russian national named Aleksandr Ermakov at the request of...

SANS Highlights AI Governance Gap Amid Rising Security Team Usage

AI Integration in Cybersecurity: Balancing Confidence with Deployment Challenges In recent developments within the cybersecurity...

AI Has Evolved from Assistant to Operator, Warns Check Point Research

AI's Evolving Role in Cyberattacks: Insights from Check Point Research's Annual Security Report Check Point...