Industry coalition asks CISA for extension to respond to incident reporting rulemaking

A broad coalition of industry groups is asking the Cybersecurity and Infrastructure Security Agency to provide a 30-day comment extension for a major rulemaking to implement an incident reporting regime for critical infrastructure owners and operators.

CISA published a notice of proposed rulemaking on Thursday in the Federal Register to establish requirements for reporting cyber incidents and ransom payments to the agency, as required under the 2022 Cyber Incident Reporting for Critical Infrastructure Act. The NPRM has a 60-day...