"What CISA Wants Critical Infrastructure Partners to Report on Cyber Incidents"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has published a guide on the type of cyber incidents that critical infrastructure entities should be sharing with the government and how they should be sharing information about such events as it tackles the rulemaking process to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The new cyber incident reporting law gives CISA 3.5 years to finalize rules that address questions about the applicability of the law. These rules will clarify what types of incidents and entities are covered by CISA's 72-hour reporting requirements or 24-hour requirements in the event of a ransomware attack. The recently released guide is intended for critical infrastructure owners and operators, as well as federal, state, local, territorial and tribal government partners. According to the guide, the kinds of incidents that should be shared with CISA include unauthorized access to a system, Denial-of-Service (DoS) attacks lasting over 12 hours, malicious code on a system, targeted and repeated scans against services on systems, repeated attempts to gain unauthorized access to a system, email or mobile messages associated with phishing attempts or successes, and ransomware against critical infrastructure. CISA also highlights what entities should include when reporting cyber event information such as incident time, incident location, a detailed narrative of the event, and more. This article continues to discuss the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and the new guide on sharing cyber event information. 

NextGov reports "What CISA Wants Critical Infrastructure Partners to Report on Cyber Incidents"