noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

Nachrichten

Landkreis Teltow-Fläming

Kfz-Zulassungsstellen und Führerscheinstelle: Weiterhin technische Probleme
Bundesland Brandenburg

Die Gewinner des Brandenburger Innovationspreises 2024
Stadt Dortmund

Kultur für Groß und Klein: Buntes Programm der städtischen Museen am[...]

Öl und Gas

AGA - American Gas Association

03/07/2024 | Press release | Distributed by Public on 03/07/2024 15:51

AGA Files Comments on Department of Homeland Security Cyber Incident Reporting Proposed Rule

Jul 3, 2024

WASHINGTON - The American Gas Association (AGA), in collaboration with other energy trade associations, has submitted comments in response to the Proposed Rule related to the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) reporting requirements released by the Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024. These comments commend CISA for its focus on cybersecurity incidents that 'actually jeopardize' systems and provide recommendations to refine the reporting requirements.

"We recognize the criticality of our infrastructure and that it is an attractive target for bad actors," said AGA VP, Security and Operations Kimberly Denbow. "The preliminary hours of a confirmed cyber incident that actually jeopardizes our critical systems is crucial. Our comments focus on ensuring the reporting requirements meet the needs of the federal government but does not hinder our mitigation and response efforts."

To maximize the utility of the CIRCIA program, the comments recommend that CISA:

Focus solely on incidents that pose a real threat to operations and provide a clearer definition of what constitutes a substantial cyber incident.

Reduce the quantity and refine the type of information required to be reported within the first 72 hours of an incident, focusing on:

The impact and severity of the incident to assess threat level and risk.

The estimated timeline of the incident, including the suspected start time of the attack.

Indicators of compromise observed on the affected system

Reevaluate the responsibilities for incident reporting along the supply chain to ensure clarity and effectiveness.

Decrease and better define the kinds of information entities must retain, minimizing unnecessary burdens.

Minimize duplicative reporting requirements to streamline the reporting process.

Guarantee the security of information throughout the CIRCIA reporting process to protect sensitive data.

Adopting these recommendations would enhance the effectiveness of the CIRCIA program and help ensure the program addresses high risk cybersecurity threats without imposing unnecessary burdens on critical infrastructure entities. AGA looks forward to continued collaboration with CISA on this issue. AGA's full comments can be accessed here.

Share this article:

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format