CISA to Host Industry Town Halls on Cyber Incident Reporting Rule Requirements
The US Cybersecurity and Infrastructure Security Agency (CISA) is set to host a series of town hall meetings to gather feedback from critical infrastructure sectors on the proposed rule under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
Objective of the Meetings
The agency aims to finalize the rule, which was introduced in 2022, and is seeking input from industry representatives on key aspects of the regulation.
Key Discussion Points
- What information should be included in incident reports
- Whether company size should be a determining factor in compliance
- How the agency can effectively use subpoenas to obtain information from non-responsive firms
- Whether cloud companies, managed service providers, and other operators should be required to report incidents related to open-source software they use
Rule Requirements
The proposed rule, which was released in April 2024, would require organizations covered by the rule to notify the government within 72 hours of major cyber incidents.
CISA is looking for “specific, actionable improvements” that can be made to the regulation to achieve this goal.
Importance of the Rule
The CIRCIA rule is a significant development in the US government’s efforts to improve cybersecurity incident reporting and response.
CISA’s Commitment to Industry Engagement
By hosting the town hall meetings, CISA is demonstrating its commitment to engaging with industry stakeholders and ensuring that the final rule is informed by their expertise and experience.
The meetings will provide a valuable opportunity for sector representatives to shape the development of the rule and ensure that it is effective in achieving its objectives.
