Policy Backgrounder: CISA Proposed Rule on Cyber Reporting for Critical Infrastructure Sectors

Economic Data

All Data

See current direction and trends across key indicators

Consumer Confidence Index

US consumers' thoughts on the economy, jobs, finances and more

Data Central

One-stop, member-exclusive portal for the entire suite of indicators

Labor Markets

Covering all aspects of labor markets, from monthly development to long-term trends

Measure of CEO Confidence

Examines the health of the US economy from the perspective of CEOs

Recession & Growth Trackers

See the current and future state of 16 economies.

Global Economic Outlook

Track the latest short-, medium-, and long-term growth outlooks for 77 economies

Leading Economic Indicators

Track the state of the business cycle for 12 global economies across Asia and Europe

Help Wanted OnLine

Track the status of job markets across the US through online job listings

Other Featured Data

Human Capital Analytics Tools

Tools to understand human capital management and corporate performance

CMO+CCO Meter Dashboard

Tracks the impact, resources, and satisfaction of CMOs and CCOs

CISA Proposed Rule on Cyber Reporting for Critical Infrastructure Sectors

April 12, 2024

Trusted Insights for What’s Ahead^®

The Department of Homeland Security published its proposed regulation to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) that mandates reporting of cyber breaches to the Cybersecurity & Infrastructure Security Agency (CISA) for a wide range of entities designated as part of US critical infrastructure.

CIRCIA, enacted in March 2022, requires covered entities generally to report cyber incidents within 72 hours and ransomware payments within 24 hours through a specified form on CISA's website, requiring disclosure of incident details and the preservation of related data for two years.

CISA proposes a broad scope of “covered entities” across its 16 infrastructure sectors, while including exemptions for certain small businesses. The proposal also defines a "substantial” cyber incident broadly, excluding minor disruptions.

CISA estimates that up to 316,244 entities will be covered under this rule, resulting in approximately 210,525 breach reports over 11 years, with compliance a cost of $1.4 billion to the industry and $1.2 billion to the Federal Government. (The total cost of cyberattacks to the economy is far larger.)

Comments on the regulation are due by June 3, 2024. CISA expects to issue a final rule in late 2025, with implementation in 2026.

Policy Backgrounders

CISA Proposed Rule on Cyber Reporting for Critical Infrastructure Sectors

April 12, 2024

Trusted Insights for What’s Ahead^®

Authors

John Gardner

Mitchell Barnes

Higher Education in Focus: Recent Federal Scrutiny Explained

Next Steps in Reconciliation: House Committee Markups

Analyzing the US-Ukraine Minerals Deal

Reauthorization of the Defense Production Act

The Next One Hundred Days – and Beyond: What Lies Ahead

Congress Agrees to Budget Resolution to Unlock Reconciliation

Showerheads—and the Future of Regulation

US Tariff Shift: Key Implications and Considerations

US Spring Plantings Respond to Tariffs and Geopolitical Risk

ABOUT US

MEMBERSHIP

EXPLORE

CONTACT US

CAREERS

SORT BY

CED Committee for Economic Development

Economy, Strategy & Finance

Governance & Sustainability

Human Capital

Marketing & Communications

Reports

Upcoming Webcasts

On Demand Webcasts

Podcasts

Charts & Infographics

Artificial Intelligence (AI)

Navigating Washington

Geopolitics

US Economic Forecast

Sustainability

Future of Work

People First: Opportunity and Access

CHRO Summit: Navigating through a Tsunami of Change

Future: People Asia

Executive Compensation in a Disruptive World

CED Distinguished Leadership Awards Celebration

The 2025 IBI/Conference Board Health and Productivity Forum

Explore all Upcoming Events

Center Briefings

Experts Live

Roundtables

Working Groups

Expert Briefings

Committee for Economic Development

Economy, Strategy & Finance

Governance & Sustainability

Human Capital

Marketing & Communications

What Is a Center?

Benefits of Center Membership

Join a Center

Economy, Strategy & Finance

Governance & Sustainability

Human Capital

Marketing & Communications

What is a Council?

Benefits of Council Membership

Apply to a Council

Benefits of Membership

Check if Your Organization is a Member

Speak to a Membership Associate

Council

Committee for Economic Development

Economy, Strategy & Finance

Governance & Sustainability

Human Capital

Marketing & Communications

Insights

Sign In to myTCB®

Executive Communities

Member-Exclusive Programs

About Us

In the News

Press Releases

Our History

Support Our Work

Locations

Contact Us

Our Leadership

Our Experts

Trustees

Voting Members

Global Counsellors

Careers

This Week @ TCB

CED
Committee for Economic Development

Sign In to myTCB^®