Critical Infrastructure Security, Industry Regulations, Government Regulations

CISA extends CIRCIA rule comment period

CISA's new incident reporting rules

The Cybersecurity and Infrastructure Security Agency will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries, according to The Record, a news site by cybersecurity firm Recorded Future.

With the feedback period extended until July 3, the CISA is expecting more substantive comments on how it could strengthen regulations aimed at bolstering federal cyber incident and ransomware payment tracking activities, said CISA Executive Director Brandon Wales during a roundtable discussion at this year's RSA Conference.

"We are actively hoping that we get good, high-quality feedback from critical infrastructure so that we can make sure that the final rule is as good as it can be, and helps us meet the intent of the program," said Wales.

Such a development comes a week after lawmakers and industry representatives raised concerns regarding CISA's excessive restrictions on critical infrastructure organizations under the rule.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.