Just weeks after Russia’s invasion of Ukraine, Congress enacted the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which creates legal protections and provides guidance to companies that operate in critical infrastructure sectors, including requirements to report cyber incidents within 72 hours and ransom payments within 24 hours. In this second installment of a two-part guest article series, Wilkinson Barker Knauer attorneys identify areas of particular concern to the most significant critical infrastructure sectors, including financial services, communications and energy, and discuss the future of cybersecurity regulation in the United States. In part one, they examined important provisions of CIRCIA that the Cybersecurity and Infrastructure Security Agency, with industry input, will shape through the rulemaking process. See “Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats” (Jun. 29, 2022).