top of page

What the Critical Infrastructure Act of 2022 (CIRCIA) Means for Small Businesses

Business owner in a wheelchair doing work at a computer

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is a crucial step in strengthening the United States' cybersecurity framework. Signed into law by President Biden in March 2022, CIRCIA mandates that the Cybersecurity and Infrastructure Security Agency (CISA) develop regulations to ensure that entities within critical infrastructure sectors report significant cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). This includes reporting cyber incidents within 72 hours and ransomware payments within 24 hours. Though the law was signed, CISA has not released formal regulations that need to be adhered to yet.

What is a Cyber Incident?

A cyber incident is any event that jeopardizes the integrity, confidentiality, or availability of digital information or systems. This can include unauthorized access to systems, data breaches, ransomware attacks, and other malicious activities that disrupt operations or compromise sensitive data.

Key Provisions of CIRCIA

  • Mandatory Reporting: Entities must report significant cyber incidents and ransomware payments to CISA within specified timeframes.

  • Support and Resources: By reporting incidents, organizations can receive immediate assistance from CISA to manage and mitigate threats.

  • Trend Analysis and Prevention: CISA uses reported data to identify trends and share warnings, helping to prevent further attacks across different sectors.

  • Public Involvement: The Notice of Proposed Rulemaking (NPRM) is open for public comment until July 3, 2024, allowing stakeholders to shape the final regulations. To participate in the public comment period, visit the CISA website.

The Critical Infrastructure Act: Impact on Small Businesses

Small businesses within critical infrastructure sectors must adhere to these reporting requirements when they are released by CISA. However, in the meantime, CISA encourages voluntary reporting of cyber incidents. This proactive approach not only helps protect individual businesses but also strengthens the overall cybersecurity landscape by enabling timely threat detection and response.


At LogicWing, we do a lot more than just keep track of the latest tech tips, we also migrate data, offer consulting, and can help you manage your Google Workspace for Education and Business accounts with our Managed Services. Schedule a free consultation with us to learn more.



Enjoy our post? Subscribe to our newsletter

We won't send spam. Unsubscribe at any time.

Thanks for subscribing!

bottom of page