Priya Patel
TLDR:
- CISA has proposed a rule to implement the requirements of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
- The rule aims to help CISA identify trends in cyber incidents and enhance response efforts.
Proposed CIRCIA Rule Seeks to Help CISA Spot Trends Using Cyber Incident Reports
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notice of proposed rulemaking to implement the requirements of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, also known as CIRCIA. This rule aims to enable CISA to enhance its ability to identify trends, field resources to help organizations affected by cyberattacks, address critical information gaps, and warn other entities using the reported cybersecurity incident and ransomware information.
CISA Director Jen Easterly, a 2024 Wash100 awardee, emphasized the significance of CIRCIA in the cybersecurity community. She mentioned that the rule will allow better understanding of threats, early spotting of adversary campaigns, and more coordinated action with public and private sector partners in response to cyber threats. The NPRM for the proposed rule is set to be published in the Federal Register on April 4 and includes regulations for cyber incident and ransom payment reporting.
The CIRCIA rule is expected to have a significant impact on the cybersecurity landscape, helping organizations and agencies better respond to and mitigate cyber threats. By requiring reporting on cyber incidents and ransom payments, CISA aims to create a more comprehensive and coordinated approach to cybersecurity across critical infrastructure sectors.
