CIRCIA Reporting Requirements
1. Report covered cyber incidents within 72 hours
2. Within 24 hours, report ransom payments
3. 72-hour reporting deadline for covered cyber incidents by covered entities
With Game of Thrones (GOT) averaging a weekly viewership that accounts for over 10% of the U.S. population, many have heard of Cersei Lannister, Queen of the Seven Kingdoms of Westeros. GOT fans are well acquainted with the tyrannical nature of the beautiful, driven, intelligent ruler whose cruelty spanned all eight (8) seasons.
Cersei and CIRCIA may sound similar, but Americans can rest assured that the only commonality shared between the villain pop culture loves to hate and the latest law on cyber incidents is a no-nonsense determination to achieve their respective goals.
What is CIRCIA?
CIRCIA stands for Cyber Incident Reporting for Critical Infrastructure Act of 2022. It is a Federal law signed by President Biden and the U.S. Federal Government in March 2022 [1]. The law focuses on reporting requirements related to cybersecurity incidents and ransomware payments. Covered entities in critical infrastructure will now be required to report incidents and ransom payments to the Cybersecurity and Infrastructure Security Agency (CISA) within specified time frames.
Covered Cyber Incident: An event that impacts a covered entity’s integrity, confidentiality, and security.
Covered Entity: A company whose activities are in a critical infrastructure sector listed by CISA.
What does CIRCIA want?
CIRCIA aims to establish a global collaborative framework to address cyber threats effectively, considering the alarming frequency of cyber incidents. According to data from the Department of Defense’s [2] Cyber Security Service Providers, approximately 12,000 cyber incidents were reported from 2015 to 2021.
What kingdom does CIRCIA rule?
Rulemaking and oversight responsibility is tasked to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), which is expected to finalize and enforce rules no later than September 2025. The organizations covered include financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sectors. Covered entities may comprise all 16 industries critical to national security, economic stability, public health, and safety identified in Presidential Policy Directive 21 (PPD-21).
What does it mean for you?
CIRCIA aims to ensure cyber response plans and teams collaborate effectively, respond resiliently, and recover rapidly from cyber incidents. In preparation for CIRCIA, Federal agencies must take several key actions, including:
- Incident Response Plans and Teams: The U.S. Government, guided by CIRCIA and CISA, is developing thorough incident response plans. These plans detail the steps for identifying, containing, and recovering from cyber incidents. Specialized teams are being formed, equipped to handle various cyber threats.
- Incident Reporting: Federal agencies are required to report cyber incidents promptly. These reports should include critical details like the incident’s timing, location, nature, impact, and the parties informed.
- Incident Coordination: Collaboration and information sharing among Federal agencies, CISA, and other entities are crucial. This coordination ensures a well-orchestrated response and a comprehensive understanding of the situation.
- Training and Awareness: Continuous training and awareness programs are emphasized. These initiatives aim to equip Federal employees with the knowledge to identify and respond to cyber threats, fostering a culture of cyber resilience.
- Regular Testing and Evaluations: Regular drills and evaluations are conducted to assess the readiness of incident response plans and teams. These assessments help identify areas for improvement and inform necessary updates to bolster cyber incident response capabilities.
CIRCIA, CISO, and the U.S. Federal Government
CIRCIA, in collaboration with the U.S. Federal Government and its agencies, establishes a collective approach to cybersecurity and incident response. The Cybersecurity and Infrastructure Security Office (CISO), as part of CISA, plays a pivotal role in overseeing and guiding incident response efforts across Federal agencies. Together, they work towards fostering a secure and resilient digital landscape, ensuring the protection of critical infrastructure, sensitive information, and public services. By promoting collaboration, information sharing, and standardized incident response procedures, CIRCIA and CISO aim to counter cyber threats effectively and safeguard the nation’s cybersecurity interests.
What can you do?
DX360°® Cyber Incident Reporter is a game-changer in cybersecurity, providing agencies with a powerful tool to enhance their incident response capabilities. Integrated with Login.gov, it offers real-time information collection and a user-friendly dashboard for monitoring and tracking incidents. This tool ensures timely transparency, secure and detailed dashboards for analysis, and aids in efficient investigation and trend discovery. With this, agencies can significantly improve their efficiency and effectiveness in responding to and investigating cyber incidents.
What’s our distinctive edge?
- Public Portal: Standardizes the method for authenticated citizens to submit incident reports securely and consistently using a web portal. Agencies receive notifications to review submissions, and citizens can leverage the portal to check on status, add additional details, and exchange attachments.
- Stunning Dashboards Personalized to Roles: Informs incident reporters, analysts, or executives through role-based analytic dashboards populated with statistics, charts, graphics, and visualizations tailored to individual needs and need-to-know.
- Smart, Real-Time Analytics: Provides unique visualizations, e.g., Word Clouds, aggregate live incident data for easy consumption to facilitate active investigations, reveal attack patterns, and expedite responses. Trendlines for remediation, research, and mitigation action improvements are available by Severity, Incident Type, and Affected organizations.
- Multi-Platform Integration: Integrates with Network Scanners, SIEMs, and endpoint protection solutions to deliver an integrated, comprehensive security solution.
- Parameterized Alerts: Automates notifications to keep organizations effortlessly informed on cyber risks, providing lead time to mitigate incidents before they become significant issues and keeping systems responsive to threats and malicious activities.
Request a Demo Today
DX360°® Cyber Incident Reporter improves the organization’s cyber incident capability and enables CIRCIA compliance without the administrative burden and expensive overhead. It automates cyber incident reporting, tracking, and managing incidents; scales the capacity of cyber incident detection; and improves our nation’s visibility and responsiveness to cyber threats.
The DX360°® Cyber Incident Reporter difference:
- Culture of Responsibility through Transparency: Sharing timely and accurate information with the public and other organizations creates a commitment to ensuring a national cyber security environment.
- Reduced Costs: Security A.I. and automation can reduce costs of breach responses by 90%+. It took $4.82M and 323 days [3] for critical infrastructure entities to identify and contain data breaches, with dramatic improvements in technology-driven organizations.
- More Effective Mitigation: By promoting collaboration, streamlining reports, and automating workflows, a secure platform can reduce response times from days to hours, reducing the impact of a cyber incident.
- Worry-Free Compliance: SaaS maintenance and streamlined process ensure CIRCIA requirements maintain Service Level Objectives (SLOs), and reporting capabilities enable performance reminders and escalation alerts.
While we can’t say Cersei is the best fit for the iron throne, CIRCIA is what our nation needs against cyber threats.
Request a personalized demo with us today to get started on establishing your agency’s stronghold.