DHS Pushes for Common Cyber Incident Reporting Definitions

The Department of Homeland Security (DHS) recently published a new report aimed at consolidating various ways the Federal government and its agencies report cyber incidents in a more standardized manner. Entitled 'Harmonization of Cyber Incident Reporting to the Federal Government' and made public on September 19, the report addresses the existence of more than 45 different cyber incident reporting mandates at the Federal level. Rob Silvers, DHS Under Secretary for Policy and chairman of the Cyber Incident Reporting Council (CIRC), stressed the importance of streamlining these requirements in order for Federal agencies to access necessary information without placing redundant burdens on victim companies focused on incident response and customer welfare.

The Department of Homeland Security has issued a report with the intention of establishing uniform requirements for reporting cyber incidents at the Federal level. The objective is to simplify the reporting procedures for Federal agencies and alleviate the workload on companies that have fallen victim to cyber incidents. The report includes suggestions for incorporating consistent definitions, timelines for reporting, forms for submission, and terminology. The recommendations outlined in the report will be employed by the Cybersecurity and Infrastructure Security Agency (CISA) as part of the ongoing regulatory proceedings for the Cyber Incident Reporting for Critical Infrastructure Act. The primary goal of the report is to ensure clarity and uniformity in guidelines for sharing information in the critical aftermath of a cyber attack.