The cybersecurity agency within the Department of Homeland Security is extending a public comment deadline on its intent to update reporting documents, according to a Jan. 6 notice in the Federal Register.
The Cybersecurity and Infrastructure Security Agency, charged with protecting federal networks and the nation’s critical infrastructure from cyberattacks, will give stakeholders until Feb. 5 to comment on updates to its forms through which entities can report “major incidents, breaches, and events under investigation.” The extension comes after a 60-day during which CISA received no comments.
CISA revised its incident reporting form to include the following updates:
- Adds new reporting options;
- Updated to improve user-friendliness by having the form be directional;
- Adds structured, distinct options for reporting incidents, major incidents, breaches, and events under investigation; and
- Add fields to collect expanded information on topics including attack vectors, indicators of compromise, communications from compromised systems, critical infrastructure sectors, memory captures, system and network logs, and unattributed cyber intrusions.
CISA wants input to help it evaluate if the proposed changes are “necessary for the proper performance” of the agency’s functions and work to enhance the “quality, utility, and clarity” of the information being reported. It also wants feedback on the accuracy of its assessments about the burden the added data collection will pose and how it can work to mitigate that burden, including adding automation into the process.
CISA’s incident reporting form allows end users to submit cyber incidents and threat indicators for DHS analysis.
“This information is used by DHS to conduct analyses and provide warnings of system threats and vulnerabilities, and to develop mitigation strategies as appropriate," the notice reads. “The primary purpose for the collection of this information is to allow DHS to contact requestors regarding their request.”
CISA also has another document out for public comment that will mandate that federal agencies establish a vulnerability disclosure program. The public comment period for that directive was extended to Jan. 10.
"By accepting incident reports and feedback, and interacting among federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public, CISA has provided a way for citizens, businesses, and other institutions to communicate and coordinate directly with the federal government about cybersecurity,” the notice reads.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.