CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Incident Response

DHS Publishes New Recommendations on Cyber Incident Reporting

DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure.

The US Department of Homeland Security (DHS) on Tuesday published a new document containing recommendations on how federal agencies can streamline cyber incident reporting, to help protect critical infrastructure entities.

Titled Harmonization of Cyber Incident Reporting to the Federal Government (PDF), the document offers a definition of reportable cyber incidents and of reporting timeline, and recommends the adoption of a model reporting form within federal agencies.

Additionally, the document details when incident reporting might be delayed, including situations when this action would pose a risk to “critical infrastructure, national security, public safety, or an ongoing law enforcement investigation”.

According to the DHS, federal agencies should find ways to streamline the receipt and sharing of incident reports and threat intelligence, by improving existing practices and by creating a single reporting portal, and by engaging with victims following initial incident reporting.

“The recommendations that DHS is issuing today provide needed clarity for our partners. They streamline and harmonize reporting requirements for critical infrastructure, including by clearly defining a reportable cyber incident, establishing the timeline for reporting, and adopting a model incident reporting form. These recommendations can improve our understanding of the cyber threat landscape, help victims recover from disruptions, and prevent future attacks,” Secretary of Homeland Security Alejandro N. Mayorkas said.

Developed in coordination with the Cyber Incident Reporting Council (CIRC), the document also outlines actions that the cybersecurity agency CISA should take to harmonize cyber incident reporting as it implements the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and proposes legislative changes regarding incident reporting.

Following the release of this document, CIRC will take steps to implement these recommendations and will continue to coordinate and harmonize the cyber incident reporting requirements for federal agencies, while DHS will coordinate with the agencies participating in the CIRC to keep the Congress informed of advancements.

“To develop these recommendations, the Cyber Incident Reporting Council analyzed over 50 different federal cyber incident reporting requirements and engaged with numerous industry and private sector stakeholders. It is imperative that we streamline these requirements. Federal agencies should be able to receive the information they need without creating duplicative burdens on victim companies that need to focus on responding to incidents and taking care of their customers,” DHS Under Secretary for Policy and CIRC Chair Robert Silvers said.

Advertisement. Scroll to continue reading.

Related: DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Related: DHS Tells Federal Agencies to Improve Asset Visibility, Vulnerability Detection

Related: DHS Connects Government, Private Sector in New Cyber Safety Review Board

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...