The Cybersecurity and Infrastructure Security Agency has issued a notice of proposed rulemaking, or NPRM, to solicit comments on a proposed rule to implement the requirements of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, also known as CIRCIA.
CISA said Wednesday implementing CIRCIA will enable the agency to enhance its ability to identify trends, field resources to help organizations affected by cyberattacks, address critical information gaps and warn other entities using the reported cybersecurity incident and ransomware information.
“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” said CISA Director Jen Easterly.
“It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats. We look forward to additional feedback from the critical infrastructure community as we move towards developing the Final Rule,” added Easterly, a 2024 Wash100 awardee.
The NPRM is set to be published in the Federal Register on April 4 and includes proposed regulations for cyber incident and ransom payment reporting and other aspects of the CIRCIA regulatory program.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.