From Inside Cybersecurity:
Two large associations urged CISA to set a high bar for incidents that should be reported and called for bidirectional information sharing at the agency’s Washington, DC listening session on Wednesday. Nine organizations provided feedback to CISA including the Chamber, American Gas Association, National Electrical Manufacturers Association, National Association of Chemical Distributors, Bank of America, Bank Policy Institute, R Street Institute, Express Association of America and Digital Asset Redemption…

Kimberly Denbow, vice president of security and operations at AGA, urged CISA in her remarks to clarify the definitions on what kinds of incidents are reportable and the threshold. Information technology and operational technology have different thresholds, Denbow said, adding that a “covered entity” should be weighed against “criticality.” Denbow said CISA needs to address how the information will be used, analyzed and stored.

On harmonization, Denbow said the Transportation Security Administration, North American Electric Reliability Corporation and Nuclear Regulatory Commission have standards for incident reporting. At the state level, some public utility commissions also have regulations in place, Denbow said. She pointed to R Street’s overview of federal cyber incident and breach reporting requirements as a good place to start when it comes to reviewing what is currently in play.
