Transportation sector identifies differences in TSA and CISA approaches to incident reporting regulation

Transportation sector groups are explaining to CISA officials how regulations from the Transportation Security Administration should be considered as the cyber agency builds out a mandatory incident reporting regime for critical infrastructure owners required by Congress.

The Cyber Incident Reporting for Critical Infrastructure Act passed in March 2022 gives CISA 24 months to release a notice of proposed rulemaking, followed by 18 months for the final rule. The regulation will require incidents to be reported within 72 hours and 24...