BCLP Partner Christian Auty was quoted Nov. 24 by Law360 on the defense policy spending bill under consideration in the U.S. Senate, which includes a first-of-its-kind amendment that would require infrastructure operators and federal agencies to report attacks to the Cybersecurity and Infrastructure Security Agency within 72 hours. The proposal also would mandate that many businesses alert authorities within 24 hours of paying cybercriminals a ransom. Some members of Congress have softened on their initial call to require critical infrastructure companies to report attacks within 24 hours, a timeframe attorneys say can be too short to know crucial details. “I don’t care how good your incident response plan is; you don’t know very much in 24 hours,” said Christian, leader of BCLP’s U.S. Global Data Privacy & Security Team. “If you have a 24-hour notification backed by some sort of sanction, you are really inviting a sea of noise with very little or no signal at all.”

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.