Biden’s New Reporting Requirements: How a few small things can make a big difference

President Biden recently signed a brand new bill for reporting cyber incidents for our critical infrastructure.

The Consolidated Appropriations Act of 2022, was passed by our Congress on the 14th of March. It was then signed into law by President Biden on March 15, 2022.

Within this Act, there is a section that deals specifically with cyber security. Section Y in this new omnibus bill is entitled The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“the Act”).

So how does this affect you?

Philadelphia’s IT security gurus at Proper Sky explain this Act further, and give concrete steps that can be taken to make a big difference in your own security.

Why is This Act Significant?

This Act is significant for many reasons, for both our cyber security and for other protections.

1. It widely expands the reporting requirements for any federal cybersecurity incidents and ransom demands for our critical infrastructure entities.
   
   
2. The law provides $13.6 billion in urgently needed aid to Ukraine as part of our country’s response to the 2022 Russian invasion of Ukraine.
   
   
3. It raises our defense spending by 5.6% – to $782 billion. Other discretionary funding is also raised 6.7% – to $730 billion.
   
   
4. The bill reauthorizes the lapsed Violence Against Women Act from 2019.
   
   
5. It bans the inaccurate depiction of Taiwan as part of China in any Maps from the US Department of State.
   
   
6. All proposed funding surrounding the Covid 19 pandemic was dropped from the bill to allow it to pass through Congress quickly.
   
   
7. There is so much to be discussed in regards to this act. Let us delve further into the cyber security reporting aspect of this Act.

What is Section Y?

You may be hearing people discuss Section Y and be wondering, what is this?

In “Section Y” of the Cyber Incident Reporting for Critical Infrastructure Act, the bill mandates that critical infrastructure entities must quickly report particular cyber incidents and any paid ransomware to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (Agency).

Critical infrastructure entities include the vast network of:

• Highways
  
  
• Connecting bridges and tunnels
  
  
• Railways
  
  
• Utilities and buildings necessary to maintain normalcy in everyday life.

We can not afford a cyber attack on these networks. Our country’s transportation, financial and commerce sectors, clean water supplies, and much needed electricity and more, all rely on network systems to be working in tip-top order.

Quick Reporting Required

If there should ever happen to be a cyber attack or incident of some kind, this Act has new reporting requirements. It requires that companies report all cyberattacks immediately.

Reports from these critical infrastructure entities must follow these guidelines:

• All cyber incidents must be reported within 72 hours
  
  
• All ransomware payments must be reported within 24 hours.

Reporting must happen before completing a thorough investigation. Legal counsels and security teams may need to work more closely together for proper reporting and investigating.

All data pertaining to any cyber incidents, including any DOD cybersecurity policy actions, must be preserved until the case is resolved. The Act includes liability protection and confidentiality.

Within two years, a Notice of Proposed Rulemaking (NPRM) will be issued to propose these final rules for putting into place these new requirements for the cyber Incident Reporting Act.

How You Can Stay Cyber-Safe

It has never been more important to protect your data, your company’s assets, and your employers from vicious cyber attacks.

There are steps you can take as an individual to keep safe from the external threats of phishers, and more.

1. Do not click on any links or open attachments
   
   
2. Regularly update your browsers on all of your devices.
   
   
3. Regularly update all of your apps.
   
   
4. Do not give out your private information without solid verification.
   
   
5. Be sure to always back up your information.
   
   
6. Delete anything that is sensitive information.
   
   
7. Protect your passwords. Choose them carefully.

If you are a company or organization, you may want to outsource your security protocols to a respected IT professional or company. The importance of your company’s cybersecurity can not be underestimated.

Authentication Protocol Tools: DMARC, DKIM, and SPF

There are great authentication tools for you and your IT professionals to use to keep you safe. These include: DMARC, DKIM, and SPF.

DMARC, DKIM, and SPF are email authentication technologies in the cyber world.

The basic specifics of these technologies

DMARC – Stands for Domain-based Message Authentication, Reporting & Conformance.

The DMARC organization explains,

“DMARC is an email authentication, policy, and reporting protocol. It builds on the widely used SPF and DKIM protocols by adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.”

DMARC can protect all of your domains from being targets of spoofing and phishing. It creates records of those that are authorized to send emails from your domain. DMARC is used by gmail. You may see an email rejected per DMARC policy.

SPF – Stands for Sender Policy Framework.

SPF is an email authentication system that was created to prevent other spoofers from sending emails from your domains.

When an email is received, an email provider will verify the SPF through DNS records. AN email is flagged as spam if it is not an IP address on your list. This will force it to fail a SPF authentication check. It will send the message “spf authentication has failed”.

DKIM – Stands for Domain Key Identified Mail.

DKIM is another email protocol system in which an organization can feel safe when transmitting an email message. It allows the user to sign it in a way that providers can verify. It uses cryptographic authentication to verify records.

Most IT professionals would recommend using these cyber security systems in a combination for complete coverage in your security. Together, they can fully protect all of your email domains from any attacks of spoofing or fraud.

How Does This Act Affect Me?

You may be wondering, how does the Cyber Incident Reporting for Critical Infrastructure Act affect me?

In general, you should be happy to see that your government is taking steps to improve our overall cyber security. They are taking a solid role in improving our cyber safety.

With this act, our financial companies, energy companies, and more, will be required to report all cyber incidents. These infrastructures greatly impact all of us, and will be more protected by the CISA department of homeland security.

They impact our safety in our communities, our work, our home, our finances, our personal privacy, and more.

We all need cyber security to be of the utmost importance.

Final Thoughts

By adding extra security reporting protocols for stricter reporting of data breaches, etc, our government is ensuring that our public health and safety is greatly improved.

All companies, including those in our critical infrastructure communities, should take steps to increase their awareness of cybersecurity management and policy security measures.

Utilizing DMARC, SPF, and DKIM can give you and your company security from incoming attacks. Having a solid plan in place for how you choose to respond to any attacks is very important.

Reach out to your trusted IT professionals to help you and your company to implement a safety protocol today. As always, Proper Sky is here to help!