The Cybersecurity and Infrastructure Security Agency (CISA) is soliciting public input regarding new cyber incident reporting requirements.
Authorities indicated a Request for Information (RFI) would provide the public with 60 days to provide written submissions detailing feedback on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Joe Biden signed into law in March 2022.
According to CISA, the CIRCIA requires the agency to develop and publish a Notice of Proposed Rulemaking (NPRM) for public comment and review that contains proposed regulations for cyber incident and ransom payment reporting while soliciting input from the critical infrastructure community and other members of the public as a means of informing CISA’s development of the proposed regulations.
“The Cyber Incident Reporting for Critical Infrastructure Act of 2022 is a game changer for the whole cybersecurity community and everyone invested in protecting our nation’s critical infrastructure. It will allow us to better understand the threats we are facing, to spot adversary campaigns earlier, and to take more coordinated action with our public and private sector partners in response,” CISA Director Jen Easterly said. “We can’t defend what we don’t know about, and the information we receive will help us fill critical information gaps that will inform the guidance we share with the entire community, ultimately better defending the nation against cyber threats.”
Easterly said CISA looks forward to continuing to learn from the critical infrastructure community to understand how the agency can implement the new cyber incident reporting legislation in the most effective way possible to protect the nation’s critical infrastructure.