On the 29th of August in the year 2024, CISA made public the debut of a fresh cyber-incident Reporting Portal, a component of the new CISA Services Portal.
“The Incident Reporting Portal allows entities and individuals reporting cyber incidents to establish unique accounts, preserve reports to submit later, and remove the redundant task of entering routine details like contact information,” expressed Lauren Boas Hayes, Senior Advisor for Technology & Innovation at CISA.
Following the announcement, Security Intelligence brought to light the design of the portal and how it sets itself apart from other cyber incident report frameworks. It was pointed out that CISA’s prime edge lay in its capacity to aid the reporting organization with response and mitigation.
“Any entity undergoing a cyberattack or incident should register it — for its own advantage and to support the broader community. CISA and our governmental partners possess unique resources and tools to assist in response and recovery, but we’re unable to extend help if unaware of an incident,” said CISA’s Executive Assistant Director for Cybersecurity Jeff Greene in a formal declaration tackling the portal’s unveiling.
Four months down the line
Subsequent to the declaration in August, numerous events unfolded. There took place a presidential election, with a new administration set to assume office on the 20th of January. The existing CISA director and other politically appointed officials are poised to vacate their roles. Presently, the agency’s outlook remains ambiguous, especially with regards to who will supervise it and whether its functions will be divided among various federal departments. Nonetheless, it is anticipated that its operations will persist.
Prior to these alterations transpiring, we sought to touch base with CISA to monitor the progression of the portal and envision the impending scenarios.
Explore cybersecurity services
Extensive track record of acquiring cyber incident reports
CISA was initially established in 2018; however, federal bodies have been amassing cyber incident reports for ages.
“The inauguration of the Incident Reporting Portal marks a momentous advancement for CISA’s ability to collect operationally germane data from reporters in a platform that is more user-friendly for reporters,” as per Hayes. “The objective for the Incident Reporting Portal is for CISA’s Incident Reporting Portal to continue enriching the system’s functionality to empower entities to distribute submitted reports with associates or clients to foster more effectual third-party reporting, converse directly with CISA, and access information and services pertinent to the reporter.”
The portal is foreseen to simplify adherence to the Cyber Incident Reporting for Critical Infrastructure Act of 2022. This statute will “mandate CISA to collaborate with Federal associates and others on various cyber incident reporting and ransomware-related actions” among the 16 sectors, agencies, and industries classified as “vital for the health, economy, and security of the community or region.”
Hayes appended that although reporting under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 is not obligatory until the Final Rule takes effect, the agency recommends that critical infrastructure proprietors and operators voluntarily disclose information concerning cyber incidents before that moment for averting other entities from becoming targets of analogous incidents.
“Sharing information lets us collaborate with our broad array of partners to forestall perpetrators from compromising additional victims employing the same methods,” relayed Hayes. “Sharing information can offer insight into the scope of an adversary’s campaign.”
Rationale behind why reporting is crucial for overall cybersecurity
Even though reporting cyber incidents to the portal remains optional currently, it is encouraged for all establishments to share the details. If necessitated, they can do so anonymously. With cyber assaults and nation-state perils growing in sophistication and increasingly zeroing in on critical infrastructure sectors, furnishing this data to CISA empowers the agency to assist other entities in gearing up for emerging threats and enacting preemptive measures before harm is inflicted.
“Thwarting and deterring future cyberattacks necessitates the coordination of numerous groups and organizations,” elaborated CISA. “By promptly sharing crucial details about assaults and vulnerabilities, the scale and extent of cyber incidents can be appreciably curtailed.”
Moreover, it’s not solely CISA that utilizes this information. As per the U.S. Government Accountability Office (GAO), 14 federal agencies are tasked with safeguarding critical infrastructure against cyberattacks, many in unforeseen manners. For instance, TSA, which manages airport security screenings, is also mandated with protecting the nation’s fuel pipelines.
“Organizations representing critical infrastructure owners and operators apprised us of the substantial advantages in obtaining intel about threats from federal agencies,” disclosed the GAO.
What lies ahead
Despite an evolving presidential administration, CISA is forging ahead. It is devising a forthcoming strategy focused on shielding critical infrastructure from cyber perils, thereby fortifying a safety layer for the nation’s populace and enterprises.
“Sharing information lets us collaborate with our broad array of partners so that bad actors can’t recycle the same methods on additional victims and can supply insight into the scale of an adversary’s campaign,” Jeff Greene was cited in Federal News Network. “CISA is thrilled to provide our new portal furnished with enhanced functionality and features for cyber reporting.”
Regarding the future of the Incident Reporting Portal, Hayes relayed, “In the times ahead, our intention is to integrate supplementary features that require time for development and integration of user feedback. Our user experience team is actively soliciting feedback on areas we can ameliorate the system over time.”