The US Department of Homeland Security (DHS) on Tuesday published a new document containing recommendations on how federal agencies can streamline cyber incident reporting, to help protect critical infrastructure entities.
Titled Harmonization of Cyber Incident Reporting to the Federal Government (PDF), the document offers a definition of reportable cyber incidents and of reporting timeline, and recommends the adoption of a model reporting form within federal agencies.
Additionally, the document details when incident reporting might be delayed, including situations when this action would pose a risk to “critical infrastructure, national security, public safety, or an ongoing law enforcement investigation”.
According to the DHS, federal agencies should find ways to streamline the receipt and sharing of incident reports and threat intelligence, by improving existing practices and by creating a single reporting portal, and by engaging with victims following initial incident reporting.
“The recommendations that DHS is issuing today provide needed clarity for our partners. They streamline and harmonize reporting requirements for critical infrastructure, including by clearly defining a reportable cyber incident, establishing the timeline for reporting, and adopting a model incident reporting form. These recommendations can improve our understanding of the cyber threat landscape, help victims recover from disruptions, and prevent future attacks,” Secretary of Homeland Security Alejandro N. Mayorkas said.
Developed in coordination with the Cyber Incident Reporting Council (CIRC), the document also outlines actions that the cybersecurity agency CISA should take to harmonize cyber incident reporting as it implements the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and proposes legislative changes regarding incident reporting.
Following the release of this document, CIRC will take steps to implement these recommendations and will continue to coordinate and harmonize the cyber incident reporting requirements for federal agencies, while DHS will coordinate with the agencies participating in the CIRC to keep the Congress informed of advancements.
“To develop these recommendations, the Cyber Incident Reporting Council analyzed over 50 different federal cyber incident reporting requirements and engaged with numerous industry and private sector stakeholders. It is imperative that we streamline these requirements. Federal agencies should be able to receive the information they need without creating duplicative burdens on victim companies that need to focus on responding to incidents and taking care of their customers,” DHS Under Secretary for Policy and CIRC Chair Robert Silvers said.