Summary: A coalition of financial organizations is urging the US cybersecurity agency CISA to reconsider the proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), citing its potential negative impacts. The groups argue that the current proposal diverts crucial resources from responding to cyber attacks and places undue burdens on organizations. They seek a collaborative approach with CISA to create a more balanced reporting framework.
Affected: US Cybersecurity and Infrastructure Security Agency (CISA), financial organizations
Keypoints :
- Financial organizations are requesting CISA to rescind and reissue the proposed CIRCIA implementation.
- CIRCIA mandates reporting major cybersecurity incidents within 72 hours and ransomware payments within 24 hours.
- The proposed implementation could detract from organizationsโ ability to respond effectively to cyber incidents, according to the advocacy group.
- Public figures have raised concerns about the additional burdens imposed on critical infrastructure entities by the current proposal.
- The organizations express a desire for ongoing dialogue with CISA to develop a more balanced approach to incident reporting.