Communications sector raises concerns over reporting obligations for small providers under CISA mandatory regime

The Cybersecurity and Infrastructure Security Agency should create allowances for small providers who may be unable to fulfill tight deadlines set by Congress for reporting cyber incidents under the agency’s upcoming rule for critical infrastructure, according to communications sector groups.

Two rural telecom associations ask for flexibility for their members, while NCTA-The Internet and Television Association proposes a “risk-based approach” to determine what constitutes a “covered entity” for reporting.

In comments to CISA, NTCA-The Rural Broadband Association writes, “To...