Priya PatelTLDR:
- A proposed rule by CISA under the Department of Homeland Security, called the Cyber Incident Reporting for Critical Infrastructure Act, aims to collect comments on reporting requirements for covered cyber incidents and ransom payments for critical infrastructure entities.
- The proposed rule has implications for biometrics companies, requiring them to establish or enhance cybersecurity incident detection, response, and reporting mechanisms for handling biometric data.
In a proposed rule by the Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security, entities designated as critical infrastructure are required to report covered cyber incidents and ransom payments to CISA. The rule addresses practical and policy issues related to reporting obligations, enforcement procedures, and data preservation requirements. For biometrics companies, this rule carries implications due to the sensitive nature of biometric data and its use in critical infrastructure sectors. Companies must ensure robust data protection measures to securely manage and preserve biometric data without compromising privacy.
The proposed rule estimates a total cost of $2.6 billion over the analysis period, with costs shared between the industry and the government. Benefits include enhanced cybersecurity, reduced economic consequences from cyber incidents, and improved national security. The comment period extends to 60 days after publication in the Federal Register.
