CISA Issues Voluntary Information Sharing Guidance for Critical Infrastructure Owners
CISA announced its publication of Sharing Cyber Event Information Fact Sheet. This Fact Sheet is meant to give guidance to critical infrastructure owners, operators and government partners on sharing information regarding unusual cyber incidents or activity. The information received will fill critical gaps in the collection of such data, as well as deploy resources, analyze trends, issue warnings and build an universal understanding of how U.S. networks and critical infrastructure sectors are being targeted.
According to Covington, the Fact Sheet urges critical infrastructure owners and operators and their government partners to undertake three overarching steps: observe the activity; act to mitigate the threat; and report the event. The Fact Sheet also provides guidance on the types of activities that should be shared with CISA and the “ten key elements” that should be included in any incident report.