CISA Announces Rescheduled CIRCIA Virtual Town Hall Meetings
The Cybersecurity and Infrastructure Security Agency (CISA) has announced a revised schedule of virtual town hall meetings for its Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) rulemaking.
CISA was affected by the failure of lawmakers to agree on funding for the Department of Homeland Security (DHS), which resulted in a 76-day partial shutdown that ended on April 30, 2026. The shutdown significantly reduced CISA’s operational capacity, with only 38% of its staff remaining on the job over that period. While CISA’s core cyber defense operations were maintained during the partial shutdown, CISA’s outreach activities were a casualty. The CIRCIA virtual town hall meetings initially scheduled for March and April 2026 had to be delayed.
The aim of CIRCIA is to help the government respond quickly to cyber threats and disseminate key information to critical infrastructure sectors in response to those threats. When a final rule is issued, CIRCIA will require critical infrastructure entities to rapidly report significant cybersecurity incidents and ransomware payments to CISA. Covered critical infrastructure entities will be required to notify CISA of any ransom payment within 24 hours and certain cyber incidents within 72 hours.
The rapid reporting required under CIRCIA will allow CISA to quickly deploy resources and provide emergency assistance; build a comprehensive, coordinated, and centralized approach to understanding cyber risks across different critical infrastructure sectors; and identify cyber trends and rapidly share threat intelligence with network defenders and warn potential victims about threats.
Ahead of the publication of a final rule, CISA is seeking stakeholder feedback on the requirements of the CIRCIA Notice of Proposed Rulemaking (NPRM). The aim is to ensure that national cybersecurity is strengthened while minimizing the compliance burden on critical infrastructure entities.
The special topics of interest that were due to be covered in the town hall meetings have not been changed; however, the schedule differs from the original proposal. CISA will be hosting four four-hour virtual town hall meetings, starting on June 15, 2026.
A general session will be hosted on June 15, 2026, followed by a June 16, 2026, virtual meeting for Group A critical infrastructure sectors. These will be followed by a general session on June 17, 2026, and a virtual meeting for Group B critical infrastructure sectors.
- The Group A session is for the communications, dams, emergency services, food and agriculture, government facilities, healthcare and public health, transportation systems, and water and wastewater sectors.
- The Group B session is for the chemical, commercial facilities, critical manufacturing, defense industrial base, energy, financial services, information technology, and nuclear reactors, materials, and waste sectors.
While initially tentatively scheduled for 13:30 a.m. to 3:30 p.m, they have since been moved to 4:30 p.m. to 8:30 p.m. Advance registration is required, and registration will close two business days before the meeting, although early registration is recommended. The sessions will be recorded, and transcripts will be published in the CISA docket for CIRCIA rulemaking.
“CISA is working to maximize the impact of CIRCIA to significantly improve our Nation’s cybersecurity posture. At the same time, CISA values the interest and concern our stakeholders have that CIRCIA will be implemented with minimal unnecessary burden to entities in critical infrastructure sectors,” said Nick Andersen, acting director, CISA. “CISA appreciates our stakeholders’ patience with waiting for our rescheduled town hall meetings to provide their critical input as we finalize this rule. As an agency built on collaboration and coordination, CISA is committed to hearing from the American people, critical infrastructure owners and operators, and other community members.”
