In a pivotal move toward strengthening the nation's cybersecurity resilience, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released a Notice of Proposed Rulemaking (NPRM) on Wednesday, March 27, 2024. This milestone was published for public viewing. The Federal Register marks significant progress in protecting critical infrastructure from cyber threats.
Mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the NPRM heralds a new era of enhanced cybersecurity protocols.
Empowering CISA through CIRCIA
Under CIRCIA, CISA will leverage cyber incidents and ransomware payment data reported to the agency to identify real-time patterns, close critical information gaps, and quickly direct resources to entities under siege. They are ready to mobilize and provide advance warning to potential targets.
Rapid dissemination of cyber incident intelligence allows cybersecurity agencies to scale up timely assistance, pre-empt similar attacks on other organizations, and limit the cascading effects of cyber threats on national security. Masu.
Department of Homeland Security Secretary Alejandro N. Mayorkas emphasized the importance of CIRCIA in strengthening the nation's cybersecurity posture, saying, “Cyber incident reports submitted through CIRCIA will help us better protect our nation's critical infrastructure.'' It will be better protected.”
Mr. Mayorkas emphasized that collaboration with both public and private stakeholders is essential in shaping the proposed rule, and that he will seek further input during the public comment period to improve the final rule.
“CIRCIA strengthens our ability to identify trends, provide assistance to victims of cyber incidents, quickly share information with other potential victims, and reduce cyber risks across all critical infrastructure sectors. “The proposed rule is the result of collaboration with public and private stakeholders, and DHS welcomes feedback during the public comment period on the direction and content of the final rule,” Mayorkas said. .
Echoing Mayorkas' sentiments, CISA Director Jen Easterly praised CIRCIA as a changer in the cybersecurity landscape, preempting adversary campaigns, facilitating early detection of threats, and engaging with public and private partners. It emphasized its vital role in promoting a synchronized response.
“This will enable us to better understand the threats we face, detect hostile campaigns earlier, and take more coordinated action with public and private partners in response to cyber threats. “We look forward to further feedback from the critical infrastructure community as we develop the final rule,” Easterly said.
Stakeholder engagement and collaborative efforts
Since September 2022, CISA has diligently sought input from a variety of stakeholders, including the critical infrastructure community, in shaping the NPRM. The open comment period provides additional opportunities for stakeholders to provide insight into the proposed regulations regarding cyber incident and ransom payment reporting, as well as other aspects of the CIRCIA regulatory framework.
By leveraging insights gained from requests for information (RFIs) and hearing sessions conducted over the past year, cybersecurity agencies tailored the NPRM to stakeholder needs and priorities.
Implementation of CIRCIA will usher in a paradigm shift in national cybersecurity strategy, allowing CISA to gain comprehensive insight into the evolving cyber threat landscape. CIRCIA forms the basis of proactive cyber risk reduction initiatives by providing early warning to organizations at risk of cyber targets, thereby protecting the nation's critical infrastructure against emerging cyber threats. strengthen.
As the NPRM moves towards formal publication in the Federal Register, the public is encouraged to actively participate in the 60-day comment period and contribute valuable perspectives to help shape the final rule.
Through collective efforts and collaborative engagement, CISA aims to strengthen America's cyber defenses and ensure the resilience of critical infrastructure in the face of evolving cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for informational purposes only and the user is solely responsible for the reliability of the information. Cyber Express assumes no responsibility for the accuracy of this information or the consequences of its use.
