Skip main navigation (Press Enter).
Log in
Toggle navigation
Who We Are
About
Membership
National Sponsors
Press Releases
Contact Us
What We Do
Events
Upcoming APGA Events
Natural Gas Utility Workers' Day
Public Natural Gas Week
APGA RF/GTI Energy Research Forum
Upcoming Committee Meetings
Virtual Events
Gas Events Calendar
Resources
Advocacy
Association Materials
Gas Career Openings
Natural Gas & Public Gas Utility Information
Operations & Safety Resources
PHMSA Pipeline Modernization Grants
Publications
Tools & Toolkits
Videos
Programs
APGA Awards
APGA Public Gas Policy Council
APGA Goal Tool
APGA SOAR Program
Mutual Aid Program
Plastic Pipe Data Collection (PPDC)
APGA Research Foundation (RF)
APGA Security & Integrity Foundation (SIF)
Log in
Terms & Conditions
Contact Us
Regulatory Submissions
×
Back to Library
APGA replies to CIRCIA NPRM (July 3 2024)
Helpful
07-18-2024 10:47 AM
Joshua St.Pierre
This month, APGA joined other industry trade groups in filing comments on the Cybersecurity and Infrastructure Security Agency’s (CISA) recent notice of proposed rulemaking (NPRM) titled the Cyber Incident Reporting for Critical Infrastructure Act Reporting Requirements (CIRCIA). The rulemaking would require covered utilities that meet specific criticality criteria to report cyber incidents to CISA within 72 hours after they experience a covered incident. Most APGA member systems will not be considered covered entities under this current framework, as they do not meet certain size thresholds. However, engaging in these opportunities to comment on new reporting requirements ensures that public gas utilities' unique and diverse perspectives are included in the conversation, especially as regulators decide whether or not to expand the requirements in the future.
Public gas systems are committed to working with the federal government to implement effective cybersecurity incident reporting mechanisms that are practical for operators and provide government stakeholders with the appropriate information.
APGA submitted feedback on this process via CISA’s request for information (RFI) on the forthcoming regulation in 2022. APGA and other trade associations were pleased to see that the agency incorporated some of the feedback that industry offered back in 2022 in this most recent NPRM. Still, in this version, industry has identified several opportunities for CISA to improve the rulemaking by eliminating unnecessary, burdensome elements and ensuring adequate harmonization with other reporting requirements. A few key points in our comments are:
CISA should ensure that there is appropriate consideration given to the available resources of covered entities if ever the requirements are expanded.
CISA should reduce the amount of information required to be submitted in the first 72 hours to only the most pertinent information.
CISA should reduce the amount of sensitive information it retains to minimize the potential consequences of a data breach.
Statistics
0 Favorited
4 Views
1 Files
0 Shares
2 Downloads
Attachment(s)
CIRCIA NPRM Comments - AGA INGAA API APGA (1).pdf
335 KB
1 version
Uploaded - 07-18-2024
Download
Download Document
Please accept the terms of the copyright associated with this attachment before downloading it. Click the link below to read the terms.
Accept
Related Entries and Links
No Related Resource entered.
Copyright American Public Gas Association
Powered by Higher Logic