Tech security group urges critical infrastructure entities to establish incident reporting processes in advance of final CISA rule

Private sector organizations should take advantage of parameters laid out in CISA’s notice of proposed rulemaking to establish internal policies for reporting incidents to the cyber agency, according to a leader in the Institute for Security and Technology’s Ransomware Task Force.

“These 18 months are an opportunity for critical infrastructure providers, owners and operators to practice reporting,” IST’s Elizabeth Vish told Inside Cybersecurity.

Vish is IST’s senior director for international cyber engagement and a former State Department official who worked...