The US Cybersecurity and Infrastructure Security agency (CISA) has published a request for information (RFI) seeking input on proposed cyber incident reporting regulations for critical infrastructure. CISA is soliciting input as the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which “directs CISA to develop and oversee implementation of regulations requiring covered entities to submit to CISA reports detailing covered cyber incidents and ransom payments.” CISA has also scheduled series of public listening sessions across the country. CISA will accept comments through November 14, 2022.
Note
- Don’t think of this as a one-way street. While rapid reporting to CISA can help provide them overall situational awareness, CISA also has resources you, as taxpayers, can leverage when you need them. Read the proposed legislation and consider your barriers to participation, then let CISA know how those could be addressed. Don’t sit on your feedback; November 14th will arrive faster than you may think. The links from the Federal Register below include both information on how to provide feedback as well as where you can find the public listening sessions.
Read more in
- Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022
- Cyber Incident Reporting for Critical Infrastructure Act of 2022 Listening Sessions
- CISA seeks public comment on upcoming major cyber incident reporting regulations
- CISA seeks public input on cybersecurity incident reporting rules
