CISA Releases Guidance on Sharing Cyber Event Information

The Cybersecurity and Infrastructure Security Agency (CISA) has recently released a fact sheet on cyber threat information sharing to help organizations report cyberattack incidents, which will enable the agency to minimize current and emerging cybersecurity threats to critical infrastructure in the U.S.

Following the approval of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), a rulemaking process will begin to implement the statutory requirements; in the meantime, the fact sheet serves as a temporary measure to guide companies on the voluntary sharing of information about cyber-related events.

Sharing cyber threat information is an important component of collective protection against cyber threats and strengthens U.S. cyber defense. Quickly sharing threat data with CISA enables the agency to issue timely alerts and offer help to other companies and entities so that they can avoid falling victim to the same attacks. With access to threat data, CISA can recognize attack patterns that will guide future initiatives to secure the country's critical infrastructure.

The fact sheet details how companies can help and the types of action and data that should be provided. Organizations must monitor attacks, take action to minimize the threat, and then submit a threat report to CISA. CISA has asked for threat data from critical infrastructure owners and operators and from federal, state, territorial, local, and tribal government partners.

CISA would like to receive cyber threat data associated with unauthorized system access, DoS attacks lasting over 12 hours, the identification of malicious code inside systems, targeted and frequent system scans, repeated attempts by unauthorized persons to access systems, email or mobile communications related to phishing attempts or successful phishing attacks, and ransomware attacks on critical infrastructure companies.

CISA stated that the information provided will enable it to fill critical data gaps, use resources, evaluate trends, issue alerts, and build a common understanding of how attackers are targeting U.S. systems and critical infrastructure areas.