Encircle News!

CIRCIA and MSPs: Navigating the New Era of Cyber Incident Reporting

November 15, 2024

CompTIA Blog

The cybersecurity landscape is shifting beneath our feet, and MSPs are caught in the middle of a significant transformation. As the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) inches closer to implementation, the industry faces both challenges and opportunities in adapting to new reporting requirements.

Recent developments have only added to the complexity. In October, A coalition of critical infrastructure organizations voiced concerns in a letter to CISA director Jen Easterly about potential excessive reporting requirements. Meanwhile, a landmark Supreme Court decision has fundamentally altered how federal agencies can interpret and enforce regulations.

“CIRCIA is coming. How it comes we don’t know, but we can be prepared,” said Lawrence Cruciana, president of Corporate Information Technologies, at ChannelCon 2024. He captured the current sentiment among MSP leaders trying to navigate these changes.

Understanding the New Reality

CIRCIA’s proposed rule, expected to be finalized in early 2025, introduces stringent reporting time frames: 72 hours for most cyber incidents and just 24 hours when there’s a ransom demand.

But time isn’t the only factor MSPs need to consider.

The scope of what constitutes a “covered incident” ranges from substantial losses to operational impacts, unauthorized access and third-party compromises. For MSPs serving critical infrastructure clients, understanding these definitions becomes crucial to compliance.

Small and medium-sized MSPs might wonder if these requirements apply to them. Unfortunately, the answer isn’t straightforward. It depends on various factors defined by Small Business Administration (SBA) standards, including employee count, annual receipts and industry-specific criteria. The key is to follow the risk: If your clients fall under critical infrastructure categories, you’re likely to be affected regardless of your size.

The “Chevron Doctrine” adds another layer of complexity.

The Supreme Court’s June 2024 decision to overturn the Chevron doctrine in Loper Bright Enterprises v. Raimondo diminished Federal agencies’ authority to “power to persuade” rather than “power to control” when interpreting regulations. That means it might be less clear what rules an MSP’s actions fall under, and whether an MSP is compliant with the new rules.

“We need to be very clear in our agreements about the choice of law, choice of venue and choice of interpretation,” Cruciana said. Such clarity becomes especially important when dealing with multiple regulatory frameworks.

Some Protections for MSPs

Despite the new obligations, CIRCIA isn’t all stick and no carrot. The Act includes significant protections for reporting entities that should ease some concerns about information sharing. For example, reported information can’t be used in judicial proceedings, is exempt from most FOIA requests and requires broad de-identification of data.

This protected reporting environment represents a shift in how the government approaches cybersecurity collaboration with the private sector. It’s designed to foster honest, detailed reporting without fear of legal repercussions or competitive disadvantages.

Still, understanding your exposure is critical. “Today, take action to understand your clients, and understand how the risks they have apply to you.” That means sit-down client conversations, clear documentation, clarity on existing requirements and legal consultation, Cruciana advised. “I’ve personally been in situations where I assumed a client or vendor would make the required reports. They didn’t, and it left me in an exposed position.”

Resources for the Journey

As the industry awaits the final rule, MSPs should focus on building flexible, scalable reporting capabilities. This means reviewing incident response plans, evaluating log retention capabilities and ensuring staff are trained on proper incident classification and reporting procedures.

The Federal Multilateral Information Sharing Agreement (MISA) offers some relief by allowing for reporting exceptions when similar requirements are met under other agency regulations. This effort to harmonize shows the government’s awareness of the potential burden on businesses and its attempt to streamline compliance.

For MSPs looking to stay ahead of these changes, a few resources prove invaluable:

CISA’s CIRCIA information hub provides regular updates and guidance on implementation
The SBA’s size standards tool helps determine applicability
CompTIA Community ISAO offers threat feeds and industry-specific guidance for MSPs
The CompTIA Cybersecurity Trustmark includes a section on incident response planning to help with compliance

CIRCIA will take time to understand, implement and communicate. The key is starting now, building strong foundations and maintaining flexibility as the final requirements take shape.

The implementation of CIRCIA marks not just a new compliance requirement, but a shift in how MSPs approach cyber incident reporting and client relationships. Those who prepare now will find themselves better positioned to navigate this new era of cybersecurity regulation.

What’s the value of the Information Sharing and Analysis Organization (ISAO)?
Find out.

https://www.comptia.org/blog/circia-and-msps-navigating-the-new-era-of-cyber-incident-reporting

December 2024
M	T	W	T	F	S	S
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 – This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit