The Department of Homeland Security (DHS) is calling for a number of “actionable recommendations” on how the federal government can “streamline and harmonize” cyber incident reporting to help defend the nation’s critical infrastructure.
An upgraded system to report incidents will help the government chart a path to better identify trends in cyber incidents and improve organizations’ ability to prevent, respond and recover from attacks, officials said.
In addition, a streamlined reporting process could relieve critical infrastructure owners and operators from some of the weight of reporting malicious incidents.
The recommendations, delivered to Congress on September 19, 2023, are a requirement of the
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law by President Biden in March, 2022. The legislation requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report to CISA covered cyber incidents and ransomware payments.
DHS Recommendations to Protect U.S. Critical Infrastructure
Key recommendations include the following:
- Establishes model definitions, timelines, and triggers for reportable cyber incidents.
- Creates a model cyber incident reporting form that federal agencies can adopt.
- Streamlines the reporting and sharing of information about cyber incidents.
- Assesses the creation of a single reporting web portal.
DHS’s report to Congress also acknowledges circumstances when incident reporting could be delayed, such as when it would pose a significant risk to critical infrastructure, national security, public safety, or an ongoing law enforcement investigation.
U.S. Officials Weigh In On Incident Reporting
“In the critical period immediately following a cyber-attack, our private sector partners need clear, consistent information-sharing guidelines to help us quickly mitigate the adverse impacts,” said Secretary of Homeland Security Alejandro Mayorkas. “The recommendations that DHS [are] issuing today provide needed clarity for our partners…[and] can improve our understanding of the cyber threat landscape, help victims recover from disruptions, and prevent future attacks.”
CISA director Jen Easterly said the incident reporting allows the agency to “spot trends” and share information with the nation’s cyber partners.
“Reporting cyber incidents is critical to the nation’s cybersecurity: It allows us to spot trends in real-time, rapidly render assistance to victims, and share information to warn other potential targets before they become victims,” said Easterly.
“We also recognize that the need for this information must be balanced with the burdens placed on industry, ensuring that requirements are harmonized and streamlined as effectively as possible. As the Cybersecurity and Critical Infrastructure Agency (CISA) implements reporting requirements as part of the Cyber Incident Reporting for Critical Infrastructure Act, these recommendations – along with the extensive input from stakeholders submitted as part of our rulemaking process – will help inform our proposed rule.”
The CIRCIA includes representation from 33 federal agencies, including the Departments of Homeland Security, Treasury, Defense, Justice, Agriculture, Commerce, Health and Human Services, Transportation, and Energy, the Office of the National Cyber Director, the Securities and Exchange Commission, the Federal Trade Commission, and the Federal Communications Commission.
