The Cybersecurity and Infrastructure Security Agency is preparing to formally seek input from the public on how to best create an incident reporting regime for attacks on critical infrastructure.
The agency will issue a request for information to “in the next couple day” to “help us inform our rulemaking process,” CISA Director Jen Easterly said during the Billington Cybersecurity Summit in Washington.
CISA will also hold 11 listening sessions around the country to gain additional feedback, she said.
“I’m very excited for that. As you know, I spent over a decade at the National Security Agency so I’m very good at listening,” Easterly joked.
Earlier this year President Joe Biden signed into law a spending bill that included a measure giving CISA up to two years to publish an interim rule detailing how critical infrastructure companies and operators to report breaches, as well an additional 18 months to issue a final rule.
However, Easterly and other agency officials have said they hope to move much faster than that timetable due to concerns about future hacks.
Easterly said it is “hugely important … to make sure that we are not overly burdening the private sector,” especially private entities that are “under duress if they have been attacked.”
In addition to its work on incident reporting, Easterly said CISA would hold a call later today with the United Kingdom’s National Cyber Security Centre about the recent wave of ransomware attacks that have hit that country.
The agency also will release its first “strategic plan” in the coming days and will co-chair, along with the FB, the first meeting of federal agencies that are members of a public-private ransomware task force created by the spending bill, she said.
The post CISA readying info request, listening tour on cyber incident reporting appeared first on The Record by Recorded Future.
Article Link: CISA readying info request, listening tour on cyber incident reporting - The Record by Recorded Future