NCC last week submitted comments on the Cybersecurity and Infrastructure Security Agency’s (CISA) proposed rule to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).

“NCC shares CISA’s commitment to protecting the nation’s critical infrastructure against cyber threats, and we recognize that sharing information regarding cyber incidents is an integral part of protecting the U.S. national security, economy, and public health and safety.”

NCC in the comments commended CISA’s efforts to develop a robust reporting framework that will help to achieve these goals, and respectfully offered comments on certain key areas where the Council thinks there are opportunities for improvement. The comments can be read by clicking here.

“We hope that this feedback will help CISA to develop a workable reporting framework that will ensure that the Agency receives the threat intelligence it needs to effectively manage and mitigate the nation’s cyber risk, while also minimizing the compliance burden on many critical infrastructure entities, including small businesses,” NCC wrote.