Cybersecurity Legislation
As the digital landscape shifts and evolves, so do cybersecurity needs, threats, and sophistication levels. To keep up, organizations and governments need to ensure they’re meeting current cybersecurity standards — and preparing for near-future ones. Cybersecurity policy also changes to meet these needs, and impacts all entities of the public and private sectors.
By late 2021, the Center for Strategic and International Studies found 157 pieces of cybersecurity legislation from the 117th Congress, excluding the National Defense Authorization Act (NDAA) for fiscal year 2022. Risk assessment was the most popular category for both chambers.
Cybersecurity Policy Redefined
Identifying potential threats and vulnerabilities, and analyzing what could happen if an attack occurs, is critical to cybersecurity hygiene. This risk assessment has organizations largely turning to reporting and responding — they must know whom to tell and what to do to manage the situation. So, lawmakers have been outlining processes and procedures to streamline response.
Congress introduced the Cyber Vulnerability Disclosure Reporting Act, which would require the Department of Homeland Security to publish policies and procedures to coordinate the reporting of digital flaws. In the Strengthening American Cybersecurity Act of 2022, Congress passed a law requiring operators of critical infrastructure to report significant cyberattacks to DHS’ Cybersecurity and Infrastructure Security Agency within 72 hours. A ransomware payment would have to be reported within 24 hours.
At the state level, New Jersey introduced a bill requiring public agencies to report cybersecurity incidents to the New Jersey Office of Homeland Security. And West Virginia is calling on the Office of Technology to outline reporting requirements.
Legislators are also redefining terms like “disaster” and “larceny” to include certain cyber incidents. With the rise of massive cyberattacks like WannaCry and the Colonial Pipeline attacks, changes in cybersecurity policy (including definitions pertaining to such) will continue to evolve and impact businesses and government entities alike. Tracking cybersecurity legislation will help your organization keep abreast and compliant of important cyber policy trends.
What This All Means for Digital Policy
Data privacy and cybersecurity are just two key trends when considering the digital policy landscape. As they change with technological evolution, policy will change, too.
When new social media sites gain traction, when marketing strategies rely on consumer data, when companies and governments face cyberattacks that can impact national security — all this is used to dictate and direct digital policy. Analyzing online engagement isn’t enough to know or prepare for what’s to come — and often, these tools miss the bigger picture.
Savvy organizations know they need to not only track emerging and developing legislation and regulations, but also understand and stay ahead trends and sentiment that can affect policy and, in turn, their business. FiscalNote gives you the tools and solutions to help you get ahead of major policy, geopolitical, and marketing moving events before they become law.