Today, October 3, DHS’ Cybersecurity and Infrastructure Security Agency (CISA) will hold a virtual listening session to collect input from water sector stakeholders on the development of forthcoming cyber incident reporting regulations. The listening session will be held from 1:00 – 2:30 pm ET. Pre-registration is required, and interested participants should email [email protected] with their name, title, and organization.
Legislation approved by Congress last year directs CISA to develop rules requiring covered critical infrastructure owners and operators to report to CISA within 72 hours of a reasonable belief that they have experienced a cyberattack, or within 24 hours of making a cyber ransom payment. Water systems are not explicitly mentioned in the statute but could be subject to the reporting requirements based on how CISA decides to define covered entities. The listening session will be one of CISA’s first opportunities to hear stakeholder perspectives on how to frame these new mandates.
Similarly, last month CISA released a Request for Information to inform the shape of the rules, and AMWA has invited its members to share perspectives that will help the association develop its comments. Members interested in participating should contact AMWA’s Dan Hartnett.