Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsGovernment: Federal, State and Local

DHS proposes reporting rules for critical infrastructure

By Security Staff
American flag in front of building columns

Image via Unsplash

April 4, 2024

The Department of Homeland Security (DHS) has announced a proposed set of rules for critical infrastructure reporting. In the event of a cyberattack or other cyber incident, these rules will outline how critical infrastructure organizations will be expected to report to the federal government. The process of reporting incidents will be overseen by the CISA, as is stipulated by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). 

Security leaders weigh in 

Jose Seara, CEO and Founder at DeNexus:

“The convergence and alignment of cybersecurity requirements by industry regulators and government agencies such as the SEC and CISA is much needed. It will allow corporations to simplify and therefore deploy more effective cybersecurity programs. We also recommend enterprises start with a cyber risk quantification exercise to bring clarity on where they’re most at risk and how to prioritize risk mitigation projects.”

John Gallagher, Vice President of Viakoo Labs at Viakoo:

“Kudos for the progress CISA has made with CIRCIA.  CIRCIA is a key milestone in moving critical infrastructure (and organizations in general) towards more awareness and coordinated response to cyber threats.  It’s not the destination (secure and resilient infrastructure), but an important waypoint towards it. 

“As the attack surface within critical industries has shifted towards IoT/OT/ICS vulnerabilities, CIRCIA has been forward-thinking in its focus on these types of vulnerabilities, and has acted as an accelerant to industry-level information and best practice sharing.   However, there needs to be a lot more effort in terms of benchmarking of preparedness and more structure around what ethical disclosure means for critical infrastructure/Cyber-Physical System (which is different than data theft).    

“The impact of critical infrastructure being breached is both enormous and highly time-sensitive, so by bringing the reporting timing down it significantly reduced the window of vulnerability from the breach.  For example, if the threat actor can rely on delayed reporting it opens up a much larger potential for organizational to be breached.  Shortening the reporting time directly shortens a cyber-criminal being able to act unnoticed.  

“It’s particularly notable that CISA has established different reporting timelines for cyber incident reporting (72 hours) versus ransomware payment (24 hours).  A longer timing for incident reporting helps to reduce false alarms and gives more time to assess the overall threat.  Ransomware payment is completely different, and if it isn’t outlawed at least there is a short reporting window.  

“Having clear definitions of what organizations are covered and details around there requirements also gives cyber insurance providers a way to work with critical infrastructure organizations and leverage these guidelines to base underwriting decisions.  

“Another aspect that stands out is the estimated costs.  Estimated costs of $2.6B over 11 years ($236M per year) is modest compared to the scale of cyber-crime or the impact of critical infrastructure incidents. Underfunding critical infrastructure or cyber-physical system security is a questionable decision.”

KEYWORDS: CISA critical infrastructure critical infrastructure cybersecurity Department of Homeland Security DHS regulatory compliance

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Europe Considers Data Breach Rules for Critical Infrastructure

    See More
  • DHS to Offer GPS Resiliency Tests for Critical infrastructure Devices

    See More
  • Abstract string of lights

    Advice for Critical Infrastructure Security and Resilience Month

    See More

Related Products

See More Products
  • Physical Security and Safety: A Field Guide for the Practitioner

  • Photonic Sensing: Principles and Applications for Safety and Security Monitoring

  • 150 things.jpg

    The Handbook for School Safety and Security

See More Products

Events

View AllSubmit An Event
  • August 25, 2026

    Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

    LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing