What to Know About the Cyber Incident Reporting for Critical Infrastructure Act of 2022


If you haven’t been living under a rock, it would be hard not to notice the cyber attacks and threats on public and critical infrastructure since 2020. Attacks on critical infrastructure have continued to increase because these are high-value targets: an attack can cause major damage and downtime, and can have consequences that are a real threat to public safety.

The bill was created and signed to encourage companies to share information more openly about cyber-related events, with the aim of mitigating ongoing and potential future threats to critical infrastructure.

The law was signed following attacks on critical infrastructure that included the Colonial Pipeline, among others.

You can take a look at some of the worst cyber attacks of 2021 related to critical infrastructure by downloading our webinar for free to watch on-demand: Lessons Learned from the Worst Cyber Attacks of 2021

Details on CIRCIA 2022

CIRCIA 2022 establishes new reporting guidelines for critical infrastructure companies and industries to follow when they are victims of a cyber attack.

Here are the industries that are subject to CIRCIA reporting guidelines:

  • Chemical
  • Commercial Facilities
  • Communications
  • Critical Manufacturing
  • Dams
  • Defense Industrial Bases
  • Emergency Services
  • Energy
  • Financial Services
  • Food and Agriculture
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste
  • Transportation Systems
  • Water and Wastewater Systems

The covered entities in these industries will need to report two specific types of cyber incidents under what the bill calls a “covered cyber incident.”

The rule will also require that any ransom paid as a result of a cyber incident be reported within 24 hours.

As of now, any company that falls within those sectors must report all cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours.

Here is a full list of the critical infrastructure sectors defined by CISA.

Reporting for CIRCIA 2022

As noted, all cyber incidents should be reported to CISA within 72 hours.

The rule will also require organization.

These are the guidelines that organizations should use for the types of cyber incidents to report:

Report any:

  • Unauthorized system access
  • DoS attacks lasting over 12 hours
  • Malicious code on systems
  • Phishing attempts or successes
  • Ransomware attacks
  • Attempts to gain access to an organization’s system

When reporting any cyber incident to CISA, the following details also should be included:

  • Incident date and time
  • Incident location
  • Type of activity observed
  • A detailed narrative of the cyber event
  • The number of systems or people affected by the cyber incident or event
  • The name of the company or organization
  • Point of contact details
  • Severity of the cyber incident
  • The sector of the critical infrastructure if known/applicable
  • Anyone else informed

Federal and critical infrastructure partners can complete incident report forms or email report@cisa.gov with all details.

“When cyber incidents are reported quickly, CISA can use this information to render assistance and provide a warning to prevent other organizations and entities from falling victim to a similar attack,” the guide explains.

References:

  • https://www.jdsupra.com/legalnews/answers-to-common-questions-regarding-2254322/
  • https://healthitsecurity.com/news/cisa-issues-guidance-on-cybersecurity-information-sharing
  • https://www.congress.gov/bill/117th-congress/house-bill/5440/text
  • https://burnswhite.com/cybersecurity-incident-reporting-for-circia-2022-establishes-new-requirements-for-critical-infrastructure-companies/
