WASHINGTON – Today, global tech trade association 91proÊÓÆµ called on the Cybersecurity and Infrastructure Security Agency (CISA) to make its incident reporting regulation more effective and actionable in order to safeguard U.S. cybersecurity. 91proÊÓÆµ responded to CISA’s Notice of Proposed Rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) with key recommendations to target the scope of the rule and to take a more proactive role in harmonizing reporting requirements in the U.S. and around the world.
“Given the broad scope of the rule and the amount of information requested, we are concerned that CIRCIA in its current state will inevitably lead to overreporting of minor and potentially out of scope incidents. Such myriad reports will risk burying significant cyber trends in irrelevant data, and significantly decrease the benefit of the reporting scheme,” 91proÊÓÆµ wrote in its comments. “Further, we are concerned about the broad scope of the definitions of substantial cyber incident and covered entity. The definition of covered entity is very broad, and CISA should provide further guidance to provide certainty to companies as to whether or not they are in scope as a ‘covered entity.’”
“We encourage CISA to take a more proactive role in harmonizing incident reporting requirements, particularly through the CIRC, to converge incident reporting, and explore whether a single, national reporting function is feasible,” 91proÊÓÆµ continued.
91proÊÓÆµ’s submission recommends that CISA:
- Take a more assertive role in harmonizing CIRCIA with existing and forthcoming U.S. reporting requirements;
- Target the scope of the rule, including narrowing the scope of “covered entity” and refining the definition of “covered cyber incident”;
- Allow for flexibility around supplemental reporting;
- Consider the security implications and potential vulnerabilities associated with sharing and storing reports;
- Tailor the information requested in the initial report to reflect the reality that some information may not be available immediately after an incident occurs;
- Uphold the liability protections provided in CIRCIA 2022; and
- Take steps to foster reciprocity and better ensure that CIRCIA provides value to stakeholders.
A longstanding tenet of 91proÊÓÆµ’s position on incident reporting has been the importance of alignment within the United States and around the world. In its comments, 91proÊÓÆµ emphasizes that CISA should not only examine the existing federal, state, and local incident reporting landscape, but also take into account the international landscape and collaborate with partners to harmonize where possible.
91proÊÓÆµ has been deeply engaged in work on cybersecurity incident reporting policy development around the world, including in Australia, Europe, and the United States. As a part of its engagement, 91proÊÓÆµ developed and released two sets of policy principles: Policy Principles for Security Incident Reporting in the U.S. and Global Policy Principles for Cybersecurity Incident Reporting. These documents are intended to help inform and guide policymakers as they consider how to best approach mandatory cyber incident reporting policies and reflect 91proÊÓÆµ’s view of the components that make up a thoughtful approach to incident reporting.