CISA Sells Private Sector on CIRCIA Reporting Rules

RSA CONFERENCE 2024 - San Francisco - The Cybersecurity and Infrastructure Security Agency (CISA) has tagged an additional 30 days onto the window for the private sector to provide feedback on proposed Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) incident reporting rules.
The agency has to maintain an open and collegial relationship with the private sector because it simply doesn't have the resources necessary to do the job in-house.
The reality of imposing another set of disclosure deadlines, on top of Securities and Exchange Commission regulations and state and local requirements, brings concerns about potentially piling more red tape onto victims of a cybercrime, and ultimately slowing down incident response.
After saddling CISA with the responsibility of collecting CIRCIA reporting, Congress denied any additional funding to help them resource up for the job.
Now CISA is stuck - and asking for help from the same group it's required to regulate.
CISA executive director Brandon Wales tried to downplay enforcement and instead implored the cyber community to view sharing their incident data with the federal government as a gesture of goodwill to shore up the entire country's cyber defenses.
Bergin reminded the audience that failure to comply with the regulation could result in organizations being banned from doing any business with the federal government.
Individual enterprise victims won't likely see a direct benefit from sharing their intelligence with CISA, Wales explained, but will see improvements in the long run as the agency is able to do a better job at defending because it is aided by data from across the US infrastructure ecosystem.
Wales added that CISA is trying to become the singular repository for incident reporting, meaning organizations that have overlapping oversight from federal and state agencies could see a simpler process following the implementation of CIRCIA reporting rules.
Large cyber organizations like CrowdStrike have been working with CISA through the Joint Cyber Defense Collaborative, while also acting as a vendor to the agency.
CISA will accept recommendations on CIRCIA rules via the Federal Register through July 3.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 10 May 2024 00:10:15 +0000

