Incident reporting
platform
CISA Receives Comments on Cyber Incident Reporting Platform
Cybersecurity groups and other entities are asking the Cybersecurity and Infrastructure Security Agency to establish a single, secure portal where organizations would report cyber incidents and ransom payments.
The Cybersecurity Coalition, a group of firms that includes Cisco, Google and Microsoft, said in response to CISA’s request for information for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 that the portal should allow stakeholders to report compromises easily through mobile devices and out-of-band communication channels. Mitre Corp. also stated in a separate comment that different organizations use different tools and applications to share cyber incidents.
Mitre said a reporting platform should have a basic web application, an instant messaging application and an ability to allow users to call in for reports, Federal News Network reported.
The U.S. Telecom Association said in its comments that a cybersecurity reporting platform should streamline the contents of reports, something that can be achieved by developing a common format for reports.
CISA will also need to answer what kind of information organizations will have to report. The Municipal Information System Association of California suggested that CISA use a “simple and secure mechanism” that would ensure that information reported are simple yet appropriate and adequate.
The Californian organization suggested that the information included in reports are: the date of the incident, the date of the discovery, indicators of compromise, the type of data compromised, steps taken to remediate the issue, agencies mandated to receive the report and security logs.
Other suggestions include the development of a web-based platform with drop-down menus and the creation of a secure and vendor-neutral portal.
CISA will have until March 2024 to respond to the comments it received.
Category: Cybersecurity