A new era of cybersecurity policy in the United States launched in March 2022 – just weeks after Russia’s invasion of Ukraine, Congress enacted the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), giving the Cybersecurity and Infrastructure Security Agency (CISA), within the Department of Homeland Security, its first, and perhaps not last, rulemaking authority. One step in that rulemaking process involves receiving feedback from the public with 11 listening sessions to take place around the country, the second of which is being held today in New York. In this first installment of a two-part guest article series, Wilkinson Barker Knauer attorneys examine important provisions of CIRCIA that CISA, with industry input, will shape through the rulemaking process. Part two will identify areas of particular concern to the most significant critical infrastructure sectors, including financial services, communications and energy, and it will discuss the future of cybersecurity regulation in the United States. See “Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats” (Jun. 29, 2022).