CISA seeks public input on new cybersecurity incident, ransomware reporting plans

As required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Notice of Proposed Rulemaking on new cybersecurity measures meant to bolster its real-time capabilities.

“Cyber incident reports submitted to us through CIRCIA will enable us to better protect our nation’s critical infrastructure,” Secretary of Homeland Security Alejandro Mayorkas said. “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents, and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors. The proposed rule is the result of collaboration with public and private stakeholders, and DHS welcomes feedback during the public comment period on the direction and substance of the final rule.”

CISA is a component of the Department of Homeland Security (DHS).

The proposed rule was published in the Federal Register. However, CISA has gathered input from public and private sector stakeholders on the rule since September 2022. Its umbrella includes proposed regulations for cyber incident and ransomware payment reporting, as CISA works to develop insights into cyber threats, reduce risks and offer early warning capabilities to potential targets.

“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” CISA Director Jen Easterly said. “It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats. We look forward to additional feedback from the critical infrastructure community as we move towards developing the Final Rule.”

An important function of the proposed rule is that it would allow CISA to identify patterns in something closer to real-time, allowing it to more rapidly allocate resources and patch information holes in the face of potential and ongoing cyber attacks. Speed is of the essence in such cases, the agency noted, as it can keep other organizations from suffering similar attacks and allow the agency to better assist the compromised.

Once published, the public has 60 days to comment on the proposed rule.