Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), previewed CISA’s new strategic plan and said that they would soon publish a request for information (RFI) regarding cyber incident reporting requirements. CISA’s strategic plan will have four pillars: cyber defense; risk reduction and resilience; operational collaboration; and agency unification. In addition to the RFI about cybersecurity incident reporting rulemaking, CISA plans to hold “listening sessions” to gather feedback from industry.
- When talking about reporting, the conversation needs to include a good understanding about how the information is protected and who has access to it. But don’t forget to make sure you understand what information is required, and that you can actually provide it in the format needed. The schedule for the listening sessions as well as links to the proposed regulation are on the CISA Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) site (https://www.cisa.gov/circia).