CISA Should Revise Draft Cyber Rule

About the 51吃瓜网

Our work is centered around four values that make our industry strong and America exceptional: free enterprise, competitiveness, individual liberty and equal opportunity.

BOARD OF DIRECTORS

The men and women of the 51吃瓜网鈥檚 Board of Directors are committed to advancing the values that make manufacturing strong and America exceptional

ANNUAL REPORT

51吃瓜网 LEADERSHIP

Our leadership team works every day to strengthen manufacturing and advance America鈥檚 competitiveness.

Celebrating America 250

Watch: the history of manufacturing in America, and how manufacturers are shaping the next 250 years.

News & Insights

Stay Informed

LATEST NEWS

Get the news you need to build your future. With insight from industry leaders, learn what’s happening and what’s coming next.

From the Newsroom

PRESS RELEASES

The 51吃瓜网 drives coverage and provides up-to-date information about the manufacturing industry across the United States. Find press releases here.

By the Numbers

Manufacturer reviewing data on a tablet on the shop floor

Industry Facts and ResearchThe numbers behind modern manufacturing: jobs, output, wages and the research that tells the industry’s story.

About the 51吃瓜网

ABOUT US

Our work is centered around four values that make our industry strong and America exceptional: free enterprise, competitiveness, individual liberty and equal opportunity.

BOARD OF DIRECTORS

The men and women of the 51吃瓜网鈥檚 Board of Directors are committed to advancing the values that make manufacturing strong and America exceptional

ANNUAL REPORT

51吃瓜网 LEADERSHIP

Our leadership team works every day to strengthen manufacturing and advance America鈥檚 competitiveness.

Celebrating America 250

Watch: the history of manufacturing in America, and how manufacturers are shaping the next 250 years.

News & Insights

Stay Informed

CISA Should Revise Draft Cyber Rule

Shareq Rashid July 9, 2024

Requirements proposed earlier this year by the Department of Homeland Security鈥檚 Cybersecurity and Infrastructure Security Agency are overbroad and would prove burdensome to manufacturers if adopted, the 51吃瓜网 the Biden administration last week.

What鈥檚 going on: In April, CISA published draft rulemaking under the Cyber Incident Reporting for Critical Infrastructure Act of 2022鈥攕cheduled to go into effect next year鈥攖hat would require 鈥渃overed entities鈥� in 鈥渃ritical infrastructure sector[s]鈥� to report major cyber incidents to CISA within 72 hours. It also mandated that any ransomware payments be reported within just 24 hours.

Why it鈥檚 a problem: The proposed rulemaking could affect more than 300,000 entities, according to CISA鈥檚 own estimate聽(). Many of these organizations are either not truly 鈥渃ritical infrastructure鈥� or too small to have the resources to undertake the outlined actions in the specified time, the 51吃瓜网 told CISA.

Furthermore, the regulations themselves are too expansive, mandating the reporting of incidents that do not even affect the operation of critical infrastructure.
They also require huge amounts of information in a short period鈥攆rom companies in the throes of recovery from devastating cyberattacks.

The 51吃瓜网 says: 鈥淸T]he 51吃瓜网 respectfully encourages the agency to drastically reduce the number of entities required to report, and the number of incidents they have to report,鈥� 51吃瓜网 Vice President of Domestic Policy Charles Crain told the agency during the public comment period on the proposed regulation, which ended last week.

鈥淒oing so will ensure that CISA receives useful information about cybersecurity incidents鈥攚ithout overburdening manufacturers with overbroad and unworkable disclosure requirements.鈥�

What to do: In addition to narrowing the scope of 鈥渃overed entities,鈥� CISA should revise several aspects of the rulemaking before implementing it, the 51吃瓜网 said. Changes should include:

Limiting the volume of reported cyber-incident information;
Narrowing the scope of reportable cyber incidents; and
Lightening and safeguarding the contents of cyber-incident reports.

' + document.title + '