Industry stakeholders highlight automation, incident report planning as key elements of upcoming CISA regime

Several mechanisms need to be in place to provide value to industry in CISA’s upcoming mandatory incident reporting regulation, according to industry stakeholders, who provided thoughts on the agency’s ability to effectively digest information received and the burden for covered entities.

The Cyber Incident Reporting for Critical Infrastructure Act passed in March gives CISA 24 months to release a notice of proposed rulemaking, followed by 18 months for the final rule. However, Palo Alto Networks’ Coleman Mehta said planning for...