White Paper

Client Alert: Strengthening American Cybersecurity Act: For Many, a 72 Hour Notification Deadline is Coming

On March 15, 2022, President Biden signed into law the Strengthening American Cybersecurity Act (“SACA”), which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”). The Act created a framework for reporting obligations with a 72-hour notification deadline for victims of cyber-attacks whose businesses operate in certain “critical infrastructure sectors.” Oversight and enforcement of compliance will be handled by the Cybersecurity and Infrastructure Security Agency (“CISA”) in conjunction with the Department of Justice (“DOJ”). Although the Act has been signed into law, the director of CISA has 24 months to publish a notice of proposed rulemaking and permits an additional 18 months thereafter for issuance of a Final Rule.

This Client Alert, authored by Partner Joel B. Bruckman, details how the Final Rule will effect businesses and outlines the steps needed to get an Incident Response Plan into place.

Available Downloads