The Cybersecurity and Infrastructure Security Agency will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries, according to The Record, a news site by cybersecurity firm Recorded Future.
With the feedback period extended until July 3, the CISA is expecting more substantive comments on how it could strengthen regulations aimed at bolstering federal cyber incident and ransomware payment tracking activities, said CISA Executive Director Brandon Wales during a roundtable discussion at this year's RSA Conference.
"We are actively hoping that we get good, high-quality feedback from critical infrastructure so that we can make sure that the final rule is as good as it can be, and helps us meet the intent of the program," said Wales.
Such a development comes a week after lawmakers and industry representatives raised concerns regarding CISA's excessive restrictions on critical infrastructure organizations under the rule.