On Monday, APGA joined with others in the energy sector to submit comments to the Cybersecurity and Infrastructure Security Agency (CISA). This feedback was an answer to a request for information (RFI) concerning a rulemaking that stemmed from recently passed legislation, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
APGA, along with other energy trade associations, recognizes the importance of adopting effective cybersecurity incident reporting requirements that align and balance the protection of interests between the federal government and critical infrastructure owners/operators, while incentivizing sound, safe, and responsible security practices. A key goal with the submission was to encourage CISA not to simply create an incident reporting regulation, but to develop a collective defense capability. For instance, all should benefit and would if reporting and non-attributable information is released quickly to relevant stakeholders, such as the Information Sharing & Analysis Centers (ISACs).
Given the rapidly evolving threat landscape, it is more important than ever for policymakers to work with critical infrastructure representatives, like public gas utility employees, to identify key principles that guide a practical, reliable, flexible, and sustainable cybersecurity incident reporting regime. All the natural gas value chain stakeholders are committed to collaboratively partnering with key stakeholders to define key terms, identify appropriate information and timing requirements, and establish reciprocal responsibilities to facilitate the development of a sensible reporting framework. To see APGA’s comments,
click here.
With any new developments on incident reporting, APGA staff will notify the Security Task Group.
For questions on this article, please contact Stuart Saulters of APGA staff by phone at 202-544-1334 or by email at
ssaulters@apga.org.