The Cybersecurity and Infrastructure Security Agency (CISA) is expected to finalize a new rule requiring critical infrastructure providers to report significant cyber incidents directly to the agency by September. This mandate, stemming from the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), aims to enhance the government's visibility into major cyber events affecting essential services, with further coverage provided by Nextgov.The CIRCIA rule mandates that critical infrastructure entities report substantial cyber incidents within 72 hours and ransomware payments within 24 hours. This legislation, which initially passed Congress in 2022, moves from a voluntary reporting system to a mandatory regime, addressing concerns that arose after major attacks like SolarWinds and the Colonial Pipeline incident. The government historically relied on voluntary cooperation, but the new rule aims to provide a clearer picture of threats to U.S. networks.The finalization of the rule has faced delays, including a missed statutory deadline and scheduling issues related to a Department of Homeland Security shutdown, but CISA has engaged in stakeholder discussions to refine the directive. The urgency for such a rule was amplified by fears of cyberattacks on U.S. infrastructure linked to geopolitical conflicts, such as Russia's invasion of Ukraine.Source: Nextgov
Critical Infrastructure Security
CISA to finalize critical infrastructure cyber incident reporting rule in September

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



