The Cybersecurity and Infrastructure Security Agency (CISA) was implored by financial sector associations to overhaul a proposed rule mandating cyber incident reporting among critical infrastructure within 72 hours, which could lead to significant burden to cybersecurity teams if implemented, SC Media reports.Top financial industry leaders wrote in an open letter to Department of Homeland Security Secretary Kristi Noem and Office of Management and Budget Director Russell T. Vought that adopting the rule would be counter to the intended mission of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The letter was signed by the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and Securities Industry and Financial Markets Association."This includes expansive thresholds for reporting that would capture de minimis outages to non-critical services and extensive data elements that, as currently drafted, will consume the finite time of critical personnel," the letter said.This development comes months after the same financial groups sought to limit incident reporting to only those impacting critical services, as well as the submission of only "reasonably available" breach information within the mandated reporting period.
Related Terms
Attack VectorYou can skip this ad in 5 seconds