Skip to content

CISA publishes 447-page draft of cyber incident reporting rule

March 27, 2024 – Published on The Record

The nation’s top cybersecurity agency has unveiled the initial draft of a new rule detailing how critical infrastructure organizations need to report cyberattacks to the federal government. 

The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it.

The law mandating the rules was passed in 2022 and is intended to improve the government’s ability to track incidents and ransomware payments. Secretary of Homeland Security Alejandro Mayorkas said the information will allow CISA and other agencies to better respond to incidents and identify weak points in the U.S. critical infrastructure.

GuidePoint Security operational technology security strategist Chris Warner told Recorded Future News that he was heartened by the inclusion of measures tracking ransomware payments, which are difficult to compile without companies being forthright about them. 

Read More HERE.