CISA eyes staff, tech upgrades to support cyber incident reporting

The Cybersecurity and Infrastructure Security Agency’s new cyber incident reporting rules will require more staff and technology upgrades, the agency revealed in its budget request this week.

CISA is expected to issue the notice of proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) as soon as this week. The law, passed in March 2022, gave the agency two years to develop the proposed rules. After the proposed regulations are published, the agency has another 18 months to gather feedback and finalize the rules.