CISA Looking to Change Cybercrime Reporting Rules

September 9, 2022 by Madeline Hughes

WASHINGTON — As cybercrimes are on the rise, the Cybersecurity and Infrastructure Security Agency is asking people, businesses and other organizations for feedback on what its new reporting rules should look like.

The agency released the eight-page request for information Friday asking people how the agency should collect information. The agency’s progress towards making new rules comes as it works to meet its 2024 deadline set in the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which President Joe Biden signed into law this past March.

Lawmakers saw an opportunity to prevent cybercrimes through the creation of a set of requirements for businesses to meet when dealing with them.

The law “marks an important milestone in improving America’s cybersecurity by, among other things, requiring CISA to develop and implement regulations requiring covered entities to report covered cyber incidents and ransom payments to CISA,” the agency wrote in its request.

“These reports will allow CISA, in conjunction with other federal partners, to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends and understand how malicious cyber actors are perpetrating their attacks, and quickly share that information with network defenders to warn other potential victims.”

The agency is embarking on a multi-year process to create these laws by first soliciting information.

Agency employees will be visiting cities around the country on a “listening tour” to hear input from people throughout the fall. They will visit Salt Lake City, Utah; Atlanta, Georgia; Chicago, Illinois; Dallas, Texas; New York City, New York; Philadelphia, Pennsylvania; Oakland, California; Boston, Massachusetts; Seattle, Washington; Kansas City, Missouri; and host a session in Washington, D.C.

The new rules are a shift in how these cyberattacks are handled. The agency has mostly had a voluntary relationship with companies that choose to share that they were victims of such attacks.

The request is specifically asking about how the agency should define what is a “covered entity” — the companies within the critical infrastructure sectors that would need to report cybercrimes and any ransoms they pay.

Currently, different types of utility companies have different cybercrime reporting rules, which led to the Colonial Pipeline ransomware attack last year, halting the gas pipeline that brought gasoline up the East Coast. The Atlantic Council referenced that attack in a report it released in June this year, calling out these inconsistencies throughout cybersecurity practices.

The new law seeks to change that.

“Reporting cyber incidents and ransom payments to the government has many benefits. An organization that is a victim of a cyber incident, including those that result in ransom payments, can receive assistance from government agencies that are prepared to investigate the incident, mitigate its consequences, and help prevent future incidents through analysis and sharing of cyber threat information,” the agency states.

“CISA and our federal law enforcement partners have highly trained investigators who specialize in responding to cyber incidents for the express purpose of disrupting threat actors who caused the incident, and providing technical assistance to protect assets, mitigate vulnerabilities, and offer on-scene response personnel to aid in incident recovery.”

The agency is accepting public comments for 60 days after the request for information is officially published in the Federal Register on Monday, Sept. 12.

Madeline can be reached at [email protected] and @ByMaddieHughes
