Dive Brief:
- The Cybersecurity and Infrastructure Security Agency introduced an online portal Thursday for organizations to voluntarily report malicious cyberattacks, vulnerabilities and data breaches.
- The CISA services portal is a secure platform that provides enhanced functionality and collaboration features, including the ability to save and update incident reports, share submitted reports with colleagues or clients and search for reports. Users can also have informal discussions with CISA through the portal.
- “An organization experiencing a cyberattack or incident should report it — for its own benefit, and to help the broader community,” Jeff Greene, executive assistant director for cybersecurity at CISA, said in a statement. “CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident.”
Dive Insight:
The portal is part of an ongoing effort by CISA to streamline the process of sharing threat intelligence and make it faster and less burdensome.
Since the Sunburst attacks against SolarWinds in 2020 and the Colonial Pipeline ransomware attack in 2021, federal authorities have pushed to encourage private sector collaboration, because if companies are reluctant to share threat information it becomes more difficult to prepare other organizations who will remain vulnerable.
Voluntary reporting of cyber incidents not only helps the government get a better understanding of threats, but it can directly benefit targets of malicious activity, according to Kirsten Mickelson, cyber claims practice leader at Gallagher Bassett.
“This is a quick and efficient way to get real time data on the current threat landscape and be in the best position to be on the offensive,” Mickelson said via email.
Ideally the portal will help streamline voluntary reporting, so organizations will be able to report the incident only one time instead of sending reports to multiple government agencies, Mickelson said.
CISA said the incident reports should capture key details of a breach or attack, including:
- When an incident is discovered.
- The tactics, techniques and procedures of the attacker.
- A description of how the attack or breach was discovered.
- What vulnerabilities were exploited to enable the attack.
- Technical indicators and artifacts of compromise, such as malware hashes, IP addresses, URLs, phishing emails, etc. Malware samples or suspicious files can be uploaded.
The portal may help streamline incident reporting, but is not enough to address much wider concerns about the growing redundancy of cyber disclosure requirements, according to Katell Thielemann, distinguished VP analyst at Gartner.
“The portal and its enhancements are a minor part of a much more complex topic – which includes establishing the right incentives for voluntary cyber incident reporting and harmonization of the mandates currently multiplying,” Thielemann said.