The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CISA Issues Guidance on Sharing Cyber Event Information

The Cybersecurity and Infrastructure Security Agency (CISA) has recently published a fact sheet on cyber threat information sharing to guide organizations reporting cyber incidents, which will help the agency mitigate current and emerging cybersecurity threats to U.S. critical infrastructure.

Following the passing of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), a rulemaking process will commence to implement statutory requirements; however, the fact sheet serves as an interim measure to guide organizations through the voluntary sharing of information about cyber-related events.

The sharing of cyber threat information is an essential part of the collective defense against cyber threats and helps to strengthen U.S. cybersecurity. The rapid sharing of threat information with CISA allows the agency to issue prompt warnings and provide assistance that could help other organizations and entities avoid falling victim to similar attacks. Having access to threat information can also help CISA to identify attack trends that will guide future efforts to protect the country’s critical infrastructure.

The fact sheet explains how organizations can assist and the types of activity and information that should be shared. Organizations should observe attacks, take steps to mitigate the threat, and then report the threat to CISA. CISA has requested threat information from critical infrastructure owners and operators, and federal, state, local, territorial, and tribal government partners.


CISA is asking for cyber threat information related to unauthorized system access, DoS attacks that last more than 12 hours, the discovery of malicious code within systems, targeted and repeated scans of systems, repeated attempts by unauthorized individuals to access systems, ransomware attacks on critical infrastructure organizations, and email or mobile messages associated with phishing attempts or successful phishing attacks.

CISA said the information provided will help it fill critical information gaps, deploy resources, analyze trends, issue warnings, and build a common understanding of how adversaries are targeting U.S. networks and critical infrastructure sectors.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
