CyberSecurityBoard
Sponsor Register Login

CISA Sells Private Sector on CIRCIA Reporting Rules

RSA CONFERENCE 2024 - San Francisco - The Cybersecurity and Infrastructure Security Administration has tagged an additional 30 days onto the window for the private sector to provide feedback on proposed Cyber Incident Reporting for Critical Infrastructure incident reporting rules.
The agency has to maintain an open and collegial relationship with the private sector because it simply doesn't have the resources necessary to do the job in-house.
The reality of imposing another set of disclosure deadlines, on top of Security and Exchange Commission regulations and state and local requirements, brings concerns about potentially piling more red tape onto victims of a cybercrime, and ultimately slowing down incident response.
After saddling CISA with the responsibility of collecting CIRCIA reporting, Congress denied any additional funding to help them resource up for the job.
Now CISA is stuck - and asking for help from the same group it's required to regulate.
CISA executive director Brandon Wales tried to downplay enforcement and instead implored the cyber community to view sharing their incident data with the federal government as a gesture of goodwill to shore up the entire country's cyber defenses.
Bergin reminded the audience that failure to comply with the regulation could result in organizations being banned from doing any business with the federal government.
Individual enterprise victims won't likely see a direct benefit from sharing their intelligence with CISA, Wales explained, but will see improvements in the long run as the agency is able to do a better job at defending because it is aided by data from across the US infrastructure ecosystem.
Wales added that CISA is trying to become the singular repository for incident reporting, meaning organizations that have overlapping oversight from federal and state agencies could see a simpler process following the implementation of CIRCIA reporting rules.
Large cyber organizations like CrowdStrike have been working with CISA through the Joint Cyber Defense Collaborative, while also acting as a vendor to the agency.
CISA will accept recommendations on CIRCIA rules via the Federal Register through July 3.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 10 May 2024 00:10:15 +0000


Cyber News related to CISA Sells Private Sector on CIRCIA Reporting Rules

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
4 months ago Cyberdefensemagazine.com
CISA Sells Private Sector on CIRCIA Reporting Rules - RSA CONFERENCE 2024 - San Francisco - The Cybersecurity and Infrastructure Security Administration has tagged an additional 30 days onto the window for the private sector to provide feedback on proposed Cyber Incident Reporting for Critical ...
8 months ago Darkreading.com
Bringing Composability to Firewalls with Runtime Protection Rules - Rule control - Customers could not easily write their own firewall rules because of the use of proprietary languages that most teams weren't familiar with unless they received specialized training, or behind walled gardens only accessible by vendor ...
11 months ago Securityboulevard.com
What Are Firewall Rules? Ultimate Guide - Firewall rules are preconfigured, logical computing controls that give a firewall instructions for permitting and blocking network traffic. Network admins must configure firewall rules that protect their data and applications from threat actors. ...
1 year ago Esecurityplanet.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
8 months ago Securityaffairs.com
Important details about CIRCIA ransomware reporting - This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments. Ransomware attacks have become ...
8 months ago Securityintelligence.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
4 months ago Therecord.media
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
8 months ago Cisa.gov
Biden veto waiting for bill to kill SEC breach report rule The Register - The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The joint resolution, along with House Joint Resolution 100, ...
1 year ago Go.theregister.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
No one's happy with latest US cyber incident reporting plan The Register - Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. The rules were unveiled in ...
11 months ago Go.theregister.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
1 year ago Packetstormsecurity.com
Insights from CISA HPH Sector Risk and Vulnerability Assessment - In an ever-evolving digital landscape, the healthcare and public health sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency recently conducted a Risk and Vulnerability Assessment, ...
1 year ago Securityboulevard.com
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
10 months ago Securityweek.com
Tell the FCC It Must Clarify Its Rules to Prevent Loopholes That Will Swallow Net Neutrality Whole - The Federal Communications Commission has released draft rules to reinstate net neutrality, with a vote on adopting the rules to come on the 25th of April. The FCC needs to close some loopholes in the draft rules before then. Net neutrality is the ...
9 months ago Eff.org
Biden's budget proposal boosts CISA's funding to $3b The Register - US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. Biden proposed his $7.3 trillion spending plan for fiscal year ...
10 months ago Go.theregister.com
Sigma rules for Linux and MacOS ~ VirusTotal Blog - TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. At that time ...
1 year ago Blog.virustotal.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
How CSRD and EED are Reshaping Data Center Sustainability Reporting - It requires companies to prepare annual sustainability reports following the European Sustainability Reporting Standards. The CSRD introduces assurance requirements for sustainability reports, necessitating independent verification by auditors. ...
1 year ago Securityboulevard.com
Latest Information Security and Hacking Incidents - Private cloud providers may be among the primary winners of today's generative AI gold rush, as CIOs are reconsidering private clouds, whether on-premises or hosted by a partner, after previously dismissing them in favour of public clouds. At the ...
8 months ago Cysecurity.news
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
8 months ago Cisa.gov
Incident Response Guide for the WWS Sector - Today, CISA, the Federal Bureau of Investigation, and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems Sector. The guide includes contributions from over 25 WWS Sector organizations ...
1 year ago Cisa.gov
Establishing New Rules for Cyber Warfare - The efforts of the International Committee of the Red Cross to establish rules of engagement to combatants in a cyberwar should be applauded internationally, even if adherence is likely to be limited. The ICRC recently released a set of rules for ...
1 year ago Darkreading.com
What Is Packet Filtering? Definition, Advantages & How It Works - Packet filtering is a firewall feature that allows or drops data packets based on simple, pre-defined rules regarding IP addresses, ports, or protocols. Each data packet consists of three components: a header to provide information about the data ...
11 months ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)