Recommended Cyber Incident Report Standards

The U.S. Department of Homeland Security (DHS) Office of Strategy, Policy, and Plans has released Harmonization of Cyber Incident Reporting to the Federal Government, a report which discusses requirements, recommendations, and potential legislative changes as they pertain to cyber incident reports. This report aims to satisfy requirements made under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was enacted to facilitate quick and comprehensive cyber threat and vulnerability assessments across agencies. While enacting mandatory cybersecurity reporting can help secure critical infrastructure, it can also create potential issues within agencies as they manage allocating resources to such reporting efforts.

While assessing these concerns, the DHS Office of Strategy, Policy, and Plans has made the following recommendations:

Recommendation 1: The Federal Government should adopt a model definition of a reportable cyber incident wherever practicable.

Recommendation 2: The Federal Government should adopt model cyber incident reporting timelines and triggers wherever practicable.

Recommendation 3: Agencies with requirements for covered entities to provide notifications to affected individuals or the public should consider whether a delay is warranted when such notification poses a significant risk to critical infrastructure, national security, public safety, or an ongoing law enforcement investigation.

Recommendation 4: The Federal Government should adopt a model reporting form for cyber incident reports wherever practicable.

Recommendation 5: The Federal Government should assess how best to streamline the receipt and sharing of cyber incident reports and cyber incident information, including through improvements to existing reporting mechanisms or the potential creation of a single portal.

Recommendation 6: Federal cyber incident reporting requirements should allow for updates and supplemental reports.

Recommendation 7: The Federal Government should adopt common terminology regarding cyber incident reporting wherever practicable.

Recommendation 8: The Federal Government should improve processes for engaging with reporting entities following the initial report of a cyber incident.

For more information, check out the HSDL In Focus topics on Critical Infrastructure Protection, Cyber Policy, and Cyber Crime and National Security.

Note: you may need to login to the HSDL to view some resources mentioned in the blog.

Need help finding something?  Ask our librarians for assistance!

Scroll to Top