New CIRCIA Bill and What It Means for Whistleblowers

May 3, 2022

By: Christopher A. Iacono

Takeaway: Uncertainties over threats of cyberattacks resulted in both the House and Senate passing CIRCIA, which created an opportunity for whistleblowers to come forward under the False Claims Act with information about agencies and contractors failing to report cybersecurity breaches in a timely manner. Following CIRCIA, Congress voted to pass the Better Cybercrime Metrics Act to help analyze the effectiveness of cybercrime reporting.


President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) on March 15, 2022.[1] This Bipartisan Act, which passed both the House and Senate after fears of retaliatory cyberattacks from Russia, requires owners and operators of critical infrastructure to report specific incidents to the Cybersecurity Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. These two obligations require:

  • “Covered cyber incidents” to be reported to CISA within 72 hours,[2] and
  • Ransomware payments to be reported to CISA within 24 hours.[3]

These reporting requirements are not in effect immediately, and companies have some time to put the proper reporting systems in place. Once in effect, this Act creates an opportunity for potential whistleblowers who have knowledge of a failure to report cybersecurity breaches to CISA in a timely manner. Whistleblowers can take advantage of a failure to report under the False Claims Act through a Qui Tam lawsuit.

Following the passage of CIRCIA, on March 30, 2022, the Senate and House both voted to pass the Better Cybercrime Metrics Act. The Bill now sits on President Biden’s desk for his signage into law. This Act was inspired by the attacks on the Colonial Pipeline in 2021 and would improve the reporting on the effectiveness of federal government cybercrime investigations.[4]

[1] Cyber Incident Reporting for Critical Infrastructure Act of 2022, H.R. 2471, 116th Cong. (2022).
[2] H.R. 2471 § 2242(a)(1)(A).
[3] H.R. 2471 § 2242(a)(2)(A).
[4] https://thehill.com/policy/cybersecurity/600357-house-sends-bipartisan-cybercrime-bill-to-biden/

News & Events

Related News

24 Pietragallo Lawyers Named in 2022 Pennsylvania and Florida Super Lawyers and Rising Stars
May 23, 2022
Pietragallo is pleased to announce that 24 lawyers have been named as 2022 Super Lawyers and Rising Stars, including partner Marc Raspanti who was recognized in the Top 100 in Pennsylvania and Philadelphia. Read More
24 Pietragallo Lawyers Named in 2021 Pennsylvania Super Lawyers and Rising Stars
June 9, 2021
Including Recognition in Top 100 in Pennsylvania and Top 100 In Philadelphia Pietragallo Gordon Alfano Bosick & Raspanti, LLP is pleased to announce that 24 attorneys have been named as 2021 Super Lawyers and 2021 Rising Stars, including two attorneys who were also recognized in the Top 100 in Pennsylvania and Top 100 in Philadelphia. Read More
View More News & Events