- The Cybersecurity and Infrastructure Security Agency formally announced plans to issue a request for information seeking public input on new incident reporting mandates under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which President Joe Biden signed in March.
- The RFI will be published in the Federal Register on Monday, giving the critical infrastructure community and other members of the public up to 60 days to provide written comments.
- The law calls for critical infrastructure providers to report significant cybersecurity breaches and attacks as well as ransomware payments to CISA. The goal is to help government officials quickly respond to attacks as well as share threat intelligence with related organizations who may face the same set of cyber threats.
CISA Director Jen Easterly previewed the request during an appearance at the Billington CyberSecurity Summit in Washington D.C. Wednesday.
During the appearance, Easterly announced the agency will also be hosting an 11-stop public listening tour to get live feedback on the issue.
“The Cyber Incident Reporting for Critical Infrastructure Act of 2022 is a game changer for the whole cybersecurity community and everyone invested in protecting our nation’s critical infrastructure,” Easterly said in the announcement today.
The new reporting mandate lets CISA better understand the threat landscape, spot adversary campaigns earlier, and "take more coordinated action with our public and private sector partners in response," Easterly said.