US Homeland Security Introduces Guide to Enhance Cyber Incident Reporting

The US Department of Homeland Security (DHS) has introduced new recommendations to streamline the reporting of cyber incidents across the Department of Defense and 32 other federal agencies.

The guide is expected to further protect the country’s vital infrastructure, reduce the burden on cybersecurity partners, and decrease the downtime of associated operations in each sector covered.

The recommendations will also enhance the prevention, response, and recovery from cyber attacks and aid organizations in improving malicious cyber threat identification.

‘Clear, Consistent Guideline’

The guide includes key pointers such as the establishment of model definitions, triggers, and timelines in cyber incident reporting, setting up an adoptable cyber incident reporting system, rationalizing associated incident information reporting and sharing, and the utility of a single reporting web portal.

The recommendations highlighted instances where reports are delayed, and when a threat would pose a greater risk to critical assets, public safety, national security, or an ongoing law enforcement investigation.

“In the critical period immediately following a cyber attack, our private sector partners need clear, consistent information-sharing guidelines to help us quickly mitigate the adverse impacts,” DHS Secretary Alejandro Mayorkas explained.

“The recommendations that DHS is issuing today provide needed clarity for our partners.”

“I look forward to working with Congress and partners across every level of government and the private sector to implement these recommendations and strengthen the resilience of communities across the country.”

Supporting Cyber Incident Reporting for Critical Infrastructure Act 

The recommendations align with the US government’s Cyber Incident Reporting for Critical Infrastructure Act or CIRCIA, a law enabling federal arms to report cyber incidents within 72 hours after their occurrence.

These reports are directed to an intergovernmental cyber council consisting of the DHS and the Cybersecurity and Infrastructure Security Agency (CISA) to address the information gathered and provide a workaround.

Staff members sit at their work stations at the National Cybersecurity and Communications Integration Center in Arlington, Virginia on January 13, 2015
Staff members at the National Cybersecurity and Communications Integration Center in Arlington, Virginia. Photo: Saul Loeb/AFP

“To develop these recommendations, the Cyber Incident Reporting Council (CIRC) analyzed over 50 different federal cyber incident reporting requirements and engaged with numerous industry and private sector stakeholders,” DHS Policy Undersecretary and CIRC Chair Robert Silvers said.

“It is imperative that we streamline these requirements. Federal agencies should be able to receive the information they need without creating duplicative burdens on victim companies that need to focus on responding to incidents and taking care of their customers.”

Alongside cyber incidents, CIRCIA includes solutions for federal ransom payments.

DHA and CISA facilitate campaigns against these exploits through the Joint Ransomware Task Force, which includes the participation of the National Cyber Director and the FBI.

Related Articles

Back to top button