A panel advising the Cybersecurity and Infrastructure Security Agency (CISA) has recommended the establishment of a National Cybersecurity Alert System in the United States.
Furtherore, the panel, known as the Cybersecurity Advisory Committee (CSAC), emphasized the need for a comprehensive alert system that provides actionable information on cybersecurity threats and risks. While the exact nature of the system remains undefined, the panel highlighted the necessity for a system that regularly provides cyber alerts around the clock.
CISA, which already issues various alerts, advisories, and bulletins regarding specific threats, welcomed the idea of a more comprehensive alert system. The panel stressed the importance of curating authoritative, granular information over time to enable effective response to cybersecurity threats. While CISA is considered the suitable organization to create such a system, it currently lacks the necessary analytical capacity and unique data sources.
The recommendation coincides with the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and the Securities and Exchange Commission (SEC) rules, which mandate organizations to report cyber incidents.
The panel believes that the alert system could benefit from the information collected through these regulations, enhancing granularity and authoritativeness in addressing cyber risks.
Subcommittee members proposed that the alert system should operate in a tiered model, with some alerts not being public and only shared with those who require them.
In addition, the panel highlighted the need for actionable information that goes beyond simply producing another color-coded warning system. The development of this alert system is seen as a timely effort to strengthen the nation’s cyber resilience and bolster the digital infrastructure’s ability to respond to evolving threats effectively.
The next steps include discussions with stakeholders to determine valuable curated information for organizations and coordination with other agencies that can participate in the system’s development.
