New cyber incident reporting rules released
The Cybersecurity and Information Security Agency (CISA) has released a Request for Information (RFI) to inform the agency’s development of new critical infrastructure cyber incident reporting rules enacted by Congress earlier this year. Congress approved the Cyber Incident Reporting for Critical Infrastructure Act in March. The law directs CISA to develop rules requiring covered critical infrastructure owners and operators to report to CISA within 72 hours of a reasonable belief that they have experienced a cyberattack, or within 24 hours of making a cyber ransom payment.