Powering Strong Communities
Security

APPA Seeks Clarification on Elements of Proposed Cyber Incident Reporting Requirements

Like What You Are Reading?

Please take a few minutes to let us know what type of industry news and information is most meaningful to you, what topics you’re interested in, and how you prefer to access this information.

The American Public Power Association is seeking clarification of several aspects of a Cybersecurity and Infrastructure Security Agency notice of proposed rulemaking to implement cyber incident reporting requirements for critical infrastructure entities.

APPA submitted the comments to the agency on July 3.

APPA is seeking clarification of several aspects of the proposed rule, including clarification on the factors in determining whether a cyber incident is reportable, the timeline for making that determination, and CISA’s expectations for the level of detailed information that must be reported in the initial hours following an incident.

APPA emphasized in its comments that CISA should exclude small utilities from the reporting obligation and to ensure that utilities are not subject to duplicative reporting requirements.

APPA also joined comments with several other trade associations for the financial services, telecommunications, and electricity sectors, encouraging CISA to limit the scope and raise the threshold for incident reporting by amending the definition of a substantial cyber incident in the final rule.

NEW Topics