CISA Launches New Cyber Incident Reporting Portal
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new portal to make it easier for organizations to report cyber incidents and data breaches. Use of the portal is voluntary but strongly recommended, as the reporting of cyber incidents benefits the reporting entity as well as the broader community.
Cyberattacks can be hugely disruptive for the breached entity; however, CISA and its government partners may be able to offer assistance, as they have unique resources and tools available to help with response and recovery. Prompt reporting will ensure that those resources can be made available when they are needed.
“An organization experiencing a cyberattack or incident should report it — for its own benefit, and to help the broader community,” said Jeff Greene, executive assistant director for cybersecurity, CISA. “CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident.”
When a threat actor conducts a successful attack, the tactics, techniques, and procedures (TTPs) used in that attack will be used to attack other entities. Reporting cyber incidents will give CISA access to real-time data on the cyber threat landscape and will allow the federal government to respond quickly to ongoing campaigns and mitigate the consequences much more rapidly, including sharing details of the exploited vulnerabilities and mitigations to help others improve their defenses before they too fall victim to attacks.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Information about vulnerabilities can be shared with software developers and vendors who will be able to immediately devote resources to preventing, deterring, defending against, responding to, and mitigating significant cyber threats.
Prompt sharing of cyber event details will allow CISA’s federal and non-federal partners to detect and counter sophisticated cyber campaigns early, greatly limiting the negative impacts on critical infrastructure and national security. CISA will also be able to analyze the data to identify trends and track cyber threat activity beyond the federal agencies that are required to report incidents to CISA. The information will also be rapidly shared with law enforcement partners, allowing investigations to proceed quickly, which may decrease the time taken to identify and prosecute the perpetrators and prevent many future attacks.
The types of information requested by CISA include a description of the incident, including any vulnerabilities exploited, identified TTPs, how the incident was discovered, the impact of the attack on the organization, the impact on goods and services provided to others, and any impact to life and safety. CISA also requests technical information such as Indicators of Compromise (IoCs), phishing emails, URLs, email addresses, communications with threat actors, malware or suspected malware, and the steps taken to mitigate the incident, including an assessment of how effective those mitigations are thought to have been.
The new portal provides enhanced functionality and collaboration features, allows reports to be saved, updated, and shared with colleagues or clients, and users will also be able to have informal discussions with CISA via the portal.
