CIRCIA requirement
CISA Working on Cyber Incident Reporting Rules
The Cybersecurity and Infrastructure Security Agency is currently developing rules for reporting cyber incidents and ransomware attacks on critical infrastructure entities. The agency is required to create regulations under the Cyber Incident Reporting for Critical Infrastructure Act, which was signed into law in March 2022. Eric Goldstein, CISA’s executive assistant director for cybersecurity, said CISA aims to issue a notice of proposed rulemaking ahead of the 2024 deadline prescribed under CIRCIA, The Wall Street Journal reported.
In an interview with WSJ, Goldstein highlighted the importance of maintaining partnerships with organizations in the public and private sectors in securing critical networks. According to the official, CISA is building trusted partnerships through the Joint Cyber Defense Collaborative, which was established in 2021 to enable information sharing between cybersecurity companies, critical infrastructure owners and CISA’s government partners.
Goldstein shared that CISA is working to simplify its cybersecurity guidance to make it easier for “target-rich, resource-poor organizations” to adopt security measures. The agency is also aiming to achieve an IT environment consisting of technology products that are secure by design and by default. According to the assistant director, giving organizations too many cyber measures to implement and having them run unsecured tech products could lead to failures in complying with CISA’s cyber guidance.