The Cybersecurity and Infrastructure Security Agency published for public inspection its pending proposed rule that would require covered entities to report to CISA on covered cyber incidents and ransom payments.

Details: The proposal would establish rules on cyber incident and ransom payment reporting under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. That law requires critical infrastructure owners, including financial institutions, to report substantial cyberattacks to CISA within 72 hours and ransomware payments within 24 hours.

ICBA Advocacy: As advocated by ICBA, the law directs CISA to rapidly share information on cyber threats, harmonize regulations to avoid duplicative reporting requirements, and include trade associations in its rulemaking outreach, among other ICBA priorities.