WTA Provides Comments on Cyber Incident Reporting
Today, WTA provided comments to the Cybersecurity and Infrastructure Security Agency (CISA) in response to its proposed regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act’s (CIRCIA) covered cyber incident and ransom payment reporting requirements.
WTA recommends that CISA:
- Enter into an interagency agreement with the FCC to harmonize and share the cyber incident reports submitted to the portal that the FCC currently operates and shares with the USSS and FBI to reduce the number of times a covered entity has to report a cyber incident and to include as many as feasible of the other federal, state, local, tribal and territorial agencies having cybersecurity jurisdiction.
- Clarify the definitions of “covered cyber incident” and “substantial cyber incident” and the record retention requirements.
- Modify the proposed 72-hour reporting deadline to provide additional time for small entities with limited resources