The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission.
Companies have to report issues to the SEC in 8-K filings within four business days unless the U.S. attorney general determines that disclosure would threaten national security or public safety.
The FBI will be responsible for collecting delay request forms and passing the viable ones on to the Justice Department.
The rules take effect on December 18, but smaller companies will have an extra 180 days to comply.
To request a delay, companies must email the FBI information about when the incident occurred and when the organization determined it was material.
The message should include detailed information about what kind of cyberattack occurred, what the intrusion vectors are, what infrastructure or data was affected and how, the operational impact of the incident and whether there is confirmed attribution of the attack.
Companies will need to provide points of contact and information about whether it's the first time they have submitted a delay-referral request.
The FBI also wants companies to say in the email whether they have already been in contact with a local field office.
Since the rules were announced, there has been significant backlash from companies, industry organizations and others.
Rep. Andrew Garbarino proposed legislation three weeks ago that would overturn them.
Under the rules, DOJ can grant a delay of public filing for 30 business days, with an option to delay for an additional 30.
DOJ and FBI officials said at the Aspen Digital Conference last month that they will evaluate disclosure delay requests based on the industry of the victim, the type of vulnerability exploited for initial access and the type of attacker.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
Martin Matishak is the senior cybersecurity reporter for The Record.
Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community.
He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.
This Cyber News was published on therecord.media. Publication date: Fri, 08 Dec 2023 19:21:21 +0000