CISA Looking to Change Cybercrime Reporting Rules

September 9, 2022 by Madeline Hughes

WASHINGTON — As cybercrimes are on the rise, the Cybersecurity and Infrastructure Security Agency is asking people, businesses and other organizations for feedback on what its new reporting rules should look like.

The agency released the eight-page request for information Friday asking people how the agency should collect information. The agency’s progress towards making new rules comes as it works to meet its 2024 deadline set in the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which President Joe Biden signed into law this past March.

Lawmakers saw an opportunity to prevent cybercrimes through the creation of a set of requirements for businesses to meet when dealing with them.

The law “marks an important milestone in improving America’s cybersecurity by, among other things, requiring CISA to develop and implement regulations requiring covered entities to report covered cyber incidents and ransom payments to CISA,” the agency wrote in its request.


“These reports will allow CISA, in conjunction with other federal partners, to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends and understand how malicious cyber actors are perpetrating their attacks, and quickly share that information with network defenders to warn other potential victims.”

The agency is embarking on a multi-year process to create these laws by first soliciting information.

Agency employees will be visiting cities around the country on a “listening tour” to hear input from people throughout the fall. They will visit Salt Lake City, Utah; Atlanta, Georgia; Chicago, Illinois; Dallas, Texas; New York City, New York; Philadelphia, Pennsylvania; Oakland, California; Boston, Massachusetts; Seattle, Washington; Kansas City, Missouri; and host a session in Washington, D.C.


The new rules are a shift in how these cyberattacks are handled. Until now, the agency has mostly had a voluntary relationship with companies that choose to share that they were victims of such attacks.

The request is specifically asking about how the agency should define what is a “covered entity” — the companies within the critical infrastructure sectors that would need to report cybercrimes and any ransoms they pay.

Currently, different types of utility companies have different cybercrime reporting rules, which led to the Colonial Pipeline ransomware attack last year, halting the gas pipeline that brought gasoline up the East Coast. The Atlantic Council referenced that attack in a report it released in June this year, calling out these inconsistencies throughout cybersecurity practices.

The new law seeks to change that.

“Reporting cyber incidents and ransom payments to the government has many benefits. An organization that is a victim of a cyber incident, including those that result in ransom payments, can receive assistance from government agencies that are prepared to investigate the incident, mitigate its consequences, and help prevent future incidents through analysis and sharing of cyber threat information,” the agency states.

“CISA and our federal law enforcement partners have highly trained investigators who specialize in responding to cyber incidents for the express purpose of disrupting threat actors who caused the incident, and providing technical assistance to protect assets, mitigate vulnerabilities, and offer on-scene response personnel to aid in incident recovery.”


The agency is accepting public comments for 60 days after the request for information is officially published in the Federal Register on Monday, Sept. 12.

Madeline can be reached at [email protected] and @ByMaddieHughes
