NRECA Files Comments with CISA on Cybersecurity Mandatory Reporting RFI

On November 3, NRECA filed comments in response to Cybersecurity and Infrastructure Security Agency's (CISA) Request for Information (RFI) on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The act requires CISA to develop and implement regulations requiring certain covered entities to report covered cyber incidents and ransomware payments to CISA when they have a national-level impact. NRECA's position is that electric utilities within the U.S. already report cyber security incidents to the federal government based on a structure enshrined in various statutes. Therefore, CISA should provide flexibility in the proposed rule and coordinate with DOE and FERC to ensure current information sharing at the federal level is maintained. The comments include a detailed description of the current reporting structure used within the electricity subsector. Furthermore, this position is supported by the Chairman and Ranking Member of the House Committee on Energy and Commerce and the Senate Committee on Energy and Natural Resources in their April 8th letter to DOE Secretary Jennifer Granholm regarding the implementation of CIRCIA.

Legislative, Regulatory & Technology

Cooperatives & Business

View Business & Technology Strategies

Projects and Programs

Work Groups

View Communications

View Government Relations

View Safety & RESAP

RESAP Program

Safety Initiatives

View Wood Quality Control

View Workforce Solutions

Educational Offerings

View Courses

By Format

Sponsorship & Exhibit Opportunities

Other Resources

Co-op Groups

MORE FROM NRECA