CISA issues notice for long-awaited critical-infrastructure reporting requirements

The Cybersecurity and Infrastructure Security Agency posted a long-anticipated notice of proposed rulemaking Wednesday for the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The rule would require covered entities to promptly report cyber disruptions and ransomware payments.

1 Min Read
CISA issues notice for long-awaited critical-infrastructure reporting requirements

The Cybersecurity and Infrastructure Security Agency posted a long-anticipated notice of proposed rulemaking Wednesday for the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The rule would require covered entities to promptly report cyber disruptions and ransomware payments.

CIRCIA requires covered entities to report significant cyber incidents within 72 hours of discovery. Critical infrastructure entities will also have to report ransom payments within 24 hours.

The proposed rule is designed to help federal authorities better coordinate critical infrastructure threat responses and share vital details with industry and government partners.

“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” CISA Director Jen Easterly said in the Wednesday announcement. “It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats.”

CISA estimates the cost of the proposed rule will be $2.6 billion over the period of analysis and estimates more than 316,000 entities will potentially be affected by the rule. 

To read the complete article, visit Utility Dive.

Subscribe to receive Urgent Communications Newsletters
Catch up on the latest tech, media, and telecoms news from across the critical communications community