Cybersecurity News

CISA Issues Guidance on Cybersecurity Information Sharing

CISA emphasized the importance of cybersecurity information sharing for critical infrastructure entities in its latest guide.

CISA Issues Guidance on Cybersecurity Information Sharing

Source: Getty Images

By Jill McKeon

- The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance for critical infrastructure entities regarding cybersecurity information sharing. Specifically, the guidance sheds light on what cyber incidents to share, who to share them with, and how.

CISA expressed its support for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Biden signed into law in mid-March.

“In accordance with CIRCIA, CISA will now undertake a rulemaking process to implement the statutory requirements. In the interim,” CISA stated.

“CISA continues to encourage our stakeholders to voluntarily share information about cyber-related events that could help mitigate current or emerging cybersecurity threats to critical infrastructure. Together we can make a difference.”

The agency emphasized the importance of threat sharing among critical infrastructure entities and encouraged critical infrastructure owners and operators, along with federal, state, local, territorial, and tribal government partners, to report cyber incidents as soon as they discover them.

CISA provided three simple steps for organizations to follow when they discover suspicious activity: observe the activity, act by taking local steps to mitigate the threat, and report the event.

CISA also shared a list of 10 key elements to share when reporting the cyber incident:

  • Incident date and time
  • Incident location
  • Type of observed activity
  • Detailed narrative of the event
  • Number of people or systems affected
  • Company/Organization name
  • Point of Contact details
  • Severity of event
  • Critical Infrastructure Sector if known
  • Anyone else you informed

Cyber incidents come in many forms, CISA stressed. Entities should report any unauthorized system access, Denial-of-service (DoS) attacks that last for more than 12 hours, and malicious code on their systems.

In addition, organizations should report any phishing attempts or successful exploits, ransomware attacks, or any other attempts to gain access to an organization’s system.

CISA directed federal and critical infrastructure partners to complete its incident reporting forms or email report@cisa.gov with details of the incident.

“When cyber incidents are reported quickly, CISA can use this information to render assistance and provide a warning to prevent other organizations and entities from falling victim to a similar attack,” the guide explained.

“This information is also critical to identifying trends that can help efforts to protect the homeland.”