The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), enacted in 2022, marked a significant shift in how the U.S. manages cyber threats. By requiring organizations in designated critical infrastructure sectors to report cyber incidents and ransom payments to the Cybersecurity and Infrastructure Security Agency (CISA), CIRCIA aims to strengthen national cybersecurity. However, as author Justin P’ng argues, current requirements may not go far enough to fully empower the U.S. government’s cyber threat response. P’ng advocates for a more comprehensive mandate—one that extends reporting obligations to both private and public sector entities and involves joint reporting to the Federal Bureau of Investigation (FBI) and CISA. Expanding CIRCIA in this way would enhance threat intelligence, improve law enforcement responses, and advance cybersecurity insights nationwide.

Breaking the Silence in CyberspaceDownload

By: Justin P'ng

Share this post

More Journals

Military Law

Support for Division-Level Innovation Cells During Continuous Transformation

Student NotePrivacy

Law Enforcement’s Use of Commercially Acquired Information: How Can Congress Strike a Legislative Balance Between Privacy Concerns and National Security Risks in the Absence of Fourth Amendment Protections?

Geopolitical

Litigating U.S. National Security Measures Utilizing Economic Tort Claims

Defense Policy

The Role of the Judiciary: A Critique of the Military Deference Doctrine