The Department of Homeland Security (DHS) has announced a proposed set of rules for critical infrastructure reporting. In the event of a cyberattack or other cyber incident, these rules will outline how critical infrastructure organizations will be expected to report to the federal government. The process of reporting incidents will be overseen by the CISA, as is stipulated by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
“The convergence and alignment of cybersecurity requirements by industry regulators and government agencies such as the SEC and CISA is much needed. It will allow corporations to simplify and therefore deploy more effective cybersecurity programs. We also recommend enterprises start with a cyber risk quantification exercise to bring clarity on where they’re most at risk and how to prioritize risk mitigation projects.”