Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
April 20, 2022
Cybersecurity incidents are growing in cost and scale, often affecting multiple nations and industry sectors. Historically, malicious actors could rely on a culture of secrecy within breached organizations, which might decline to disclose a breach to the Federal Government, often aiming to reduce reputational damage and legal liabilities. This sometimes came at the cost of collective security for an industry (or even a nation) because other organizations and law enforcement couldn’t prepare for or track the attacker’s movements and techniques. This constantly put both private and public sectors at a disadvantage and allowed the threat actors an easy way to expand their attacks.
In recent years, the paradigm has shifted, with more organizations now understanding the importance of sharing incident information when possible. A large drawback has been the lack of clear requirements and legal protections from the Federal Government. This has left many businesses needing to balance a collaborative approach to security with potential legal liability.
To combat this conflict, the Federal Government on March 15th enacted the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as part of the Consolidated Appropriations Act, 2022 (Public Law No: 117-103). At its core, the new law aims to require disclosure of incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within a predetermined amount of time. In exchange for reporting requirements, organizations will be granted some legal protections from lawsuits pertraining to the reported incident. The Federal Government’s intent with this legislation is to build a collective understanding of how threat actors are targeting organizations and critical infrastructure. With this information, CISA plans to rapidly deploy resources, render assistance and warn other potential victims.
While this act has been signed into law, the reporting requirements aren’t currently in effect. CISA is required to submit a final rule no later than 24 months from the March 15th, 2022 enactment.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 can be understood in three categories: requirements, protections, and enforcement.
Optiv’s Perspective On Enhancing Your Cybersecurity Program Cybersecurity activities continue to be top of mind across industries. With high profile cybersecurity attacks in the private and public sectors, we’ve seen an increasing appetite for security-related actions from congress and federal agencies. These have focused not only on federal agencies themselves but also on the private sector, whether it be a government contractor or an important link in the supply chain. This highlights the need to build out a robust, secure, and mature cybersecurity program that will help reduce exposure to cybersecurity incidents and risk to your business.
The reporting requirement encourages organizations to build a security capability to prevent or deter incidents, even if not explicitly required by the legislation. The act emphasizes accountability for incidents, including subsequent reporting until remediation. While the details of the final rule may vary slightly, the principles of risk management, governance, resilience, and attention to third parties are best practice areas that can strengthen cybersecurity programs and must not be ignored.
The time to act is now. Starting a programmatic approach today will drive readiness success when the disclosure requirements are implemented. An approach that incorporates playbooks and coordination for media, legal, and other responses will help reduce revenue and business risk, not only just cyber risk. Building and maturing a robust cybersecurity program, that reduces risk, takes time and a holistic approach. Waiting to start could require organizations to play catch-up or could potentially expose them to a greater level of legal or regulatory risk. This approach should start now and could include:
As the trusted cybersecurity partner for many leading organizations, our goal is to quickly highlight these elements to drive awareness and promote cybersecurity across the enterprise. With these requirements impacting reporting, there has never been a more important time to elevate the cybersecurity conversation within your organization.
If you have questions about how the Cyber Incident Reporting for Critical Infrastructure Act affects your organization, please drop us a line.
Optiv Security: Secure greatness.™
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Optiv Federal provides a combination of cybersecurity technology and services across the US Government, including civilian agencies, DOD and Intel. We...
June 29, 2021
The executive order on cybersecurity emphasizes coordinated, mandated levels of controls to respond to a growing threat to critical infrastructure.
Let us know what you need, and we will have an Optiv professional contact you shortly.