CISA Requests Input from Infrastructure Sector on Incident Reporting Regulations

Agency Seeks Input on Cyber-Incident Reporting Regulation

The Cybersecurity and Infrastructure Security Agency (CISA) is soliciting feedback from critical infrastructure partners as it finalizes an eagerly awaited cyber-incident reporting regulation. This initiative aims to enhance national cybersecurity while ensuring minimal burden on stakeholders.

In a notice slated for publication in the Federal Register this Friday, CISA has announced a series of town hall meetings.

These forums will allow various sectors to voice their perspectives on the forthcoming rule, mandated by the 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

A draft version of the rule, released in April 2024, stipulated a 72-hour period for covered infrastructure operators to report significant cyber incidents to the government.

However, business advocates and select lawmakers expressed concerns over the extensive data reporting requirements and the wide array of companies that would be encompassed under this regulation.

CISA has acknowledged the concerns expressed by stakeholders, emphasizing its commitment to implementing CIRCIA in a manner that bolsters the nation’s cybersecurity while alleviating undue burdens on critical infrastructure entities.

The agency is keen to receive suggestions for “specific, actionable improvements” that might clarify or lessen reporting obligations while still equipping the government with essential insights into the cyber threat landscape.

Furthermore, CISA is particularly interested in feedback regarding:

  • The nature of information required in incident reports.
  • Criteria based on company size for determining inclusion.
  • The subpoena process for acquiring information from non-compliant companies.
  • The potential need for cloud vendors and managed service providers to report incidents involving open-source code they use.
  • Identification of any overlooked categories of infrastructure operators.

Details on the Town Hall Meetings

CISA plans to conduct seven town hall meetings aimed at gathering commentary on the proposed CIRCIA rule. Five sector-specific sessions are scheduled for March, followed by two general sessions:

  • March 9: Chemical, water, dams, energy, and nuclear sectors.
  • March 12: Commercial facilities, manufacturing, and food and agriculture.
  • March 17: Emergency services, government facilities, and healthcare.
  • March 18: Communications, transportation, and financial services.
  • March 19: Defense contractors and information technology companies.
  • March 31: A general session for any interested organizations.
  • April 2: A second general session.

CISA anticipates that each meeting will last up to two hours, limiting individual speaker contributions to approximately three minutes.

The discussions will be transcribed, and the transcripts will subsequently be posted in the CIRCIA rulemaking docket.

It is important to note that CISA will not disclose nonpublic information regarding the rulemaking during the meetings, nor will it commit to resolving specific policy issues raised by the discussions.

A Wealth of Existing Feedback

In recent years, CISA has diligently reviewed a substantial volume of stakeholder feedback regarding the scope of the cyber incident reporting rule.

An initial Request for Information yielded 130 comments, while over 730 individuals participated in more than a dozen sector-specific listening sessions. A 90-day public comment period on the draft rule generated approximately 300 additional comments.

CISA remains steadfast in its commitment to engage stakeholders throughout the rulemaking process, striving to find a judicious balance between cost and benefit as it approaches finalization of the rule.

Although the agency has not definitively stated that the public comment period for the draft rule will reopen, it has indicated that such an action may be considered in the future should circumstances warrant it.

Source link: Cybersecuritydive.com.

Reported By

RS Web Solutions
