Cyber

CISA seeks public comment on upcoming major cyber incident reporting regulations

Industry will have until Nov. 14 to comment on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

September 12, 2022

Jen Easterly, nominee to be the Director of the Homeland Security Cybersecurity and Infrastructure Security Agency, testifies during her confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee on June 10, 2021 in Washington, DC. Easterly will be responsible for overseeing the defense of national cyber attacks. (Photo by Kevin Dietsch/Getty Images)

The Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a request for public input on proposed regulations that are expected to shake up how the private sector and public agencies respond to major cyberattacks.

The public will have until Nov. 14 to comment on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which directs CISA to oversee implementation of regulations that require relevant entities to provide the agency with detailed reports about cyber incidents and ransom payments they may face.

CISA Director Jen Easterly said last week that the agency would move forward with seeking industry feedback and implementing CIRCIA. Speaking at the Billington Cybersecurity Summit in Washington, she said: “This will finally allow us a much better understanding what’s going on across the ecosystem … [W]e don’t want to burden industry and we don’t want to burden the federal government with noise either.”

Easterly added that after the request for information is issued, she also intends to host several listening sessions with industry to ensure the rule-making process is “consultative.”

CISA’s request for input comes after President Biden in March signed key legislation requiring critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware attacks within 24 hours.

The enactment of CIRCIA regulations would allow CISA, in conjunction with other federal partners, to more rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and understand how malicious cyber actors are perpetrating their attacks.

In its request for public comment CISA said it is particularly interested in feedback on its definitions of the terminology to be used in the proposed regulations, the manner in which reports will be required to be submitted under CIRCIA, and other incident reporting requirements including the requirement to report a description of the vulnerabilities exploited.

CISA seeks public comment on upcoming major cyber incident reporting regulations

More Like This

Federal CIO calls on Congress to fund Technology Modernization Fund

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

More Scoops

CISA’s Easterly points to government’s ‘purchasing power’ as a tool to force secure software development

Identity-focused attacks remain the most vulnerable entry point to an organization

Insiders worry CISA is too distracted from critical cyber mission

Sen. Warner criticizes HHS and CISA for lack of coordination on cybersecurity, pushes for new cyber exec

ONCD senior leader says FBI and operational cyber agencies have improved incident info sharing

TSA revises cybersecurity guidelines for gas pipeline owners and operators

Watchdog calls on HHS to improve feedback system for health care cyber breach reporting

Latest Podcasts

CISA seeks public comment on upcoming major cyber incident reporting regulations

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Tech

Defense

Cyber

Acquisition