The Department of Homeland Security (DHS) has proposed new strategies to simplify federal cyber incident reporting rules for victim organizations, including the idea of establishing a single reporting web portal. Currently, there are 52 federal cyber incident reporting requirements, and DHS, in coordination with other federal agencies, aims to streamline these regulations.
Furthermore, this effort is in preparation for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which is being developed by the Cybersecurity and Infrastructure Security Agency (CISA). The recommendations outlined by DHS include clarifying definitions, timelines, and triggers for reporting, considering delays in notifications when necessary for national security or law enforcement investigations, adopting a model reporting form, and the potential creation of a single portal for streamlined reporting and information sharing.
DHS Undersecretary for Policy Robert Silvers delivered a comprehensive 107-page report to Congress, highlighting collaboration with 33 federal agencies to harmonize cyber incident reporting. The report also emphasizes the importance of simplifying these requirements to ensure that federal agencies can obtain the necessary information without imposing undue burdens on victim companies.
Secretary of Homeland Security Alejandro Mayorkas noted that these recommendations will provide clarity for private sector partners in the critical period following a cyberattack and help improve understanding of the cyber threat landscape, enhance recovery efforts, and prevent future attacks.
The report outlines steps CISA intends to take to harmonize these rules and calls upon Congress to support the process by removing legal or statutory barriers, providing authority, and funding for these efforts.
Additionally, the report requests Congress to exempt incident reports from Freedom of Information Act requests to protect their confidentiality. CISA Director Jen Easterly emphasized that mandated incident reporting will help defenders identify trends in real-time, promptly assist victims, and share information to warn potential targets, while ensuring a balance with the industry’s burden. These recommendations will inform the proposed rule for the Cyber Incident Reporting for Critical Infrastructure Act.
