The Department of Homeland Security published actionable recommendations to harmonize and streamline cyber incident reporting in the U.S. critical infrastructure sector.
The agency on Tuesday outlined proposed actions including creating a model cyber incident form for federal entities to fill out, clarifying definitions of reportable cases and establishing a centralized web portal to inform authorities of such events.
The guidance was developed in partnership with the Cyber Incident Reporting Council, which sought private sector input and analyzed more than 50 different requirements for government agencies disclosing online threats .
“The recommendations that DHS is issuing today provide needed clarity for our partners,” said Secretary of Homeland Security Alejandro Mayorkas.
“I look forward to working with Congress and partners across every level of government and the private sector to implement these recommendations and strengthen the resilience of communities across the country,” added Mayorkas, a Wash100 awardee.
Jen Easterly, director of the Cybersecurity and Critical Infrastructure Agency, said the recommendations will help inform their proposed rule on reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act. Sharing information on cyber incidents “allows us to spot trends in real-time, rapidly render assistance to victims, and share information to warn other potential targets before they become victims,” according to Easterly, who is also an inductee into the Wash100.
