September 30, 2024 By Sue Poremba 2 min read

Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal.

“The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information
on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement.

“Reported incidents enable CISA and our partners to help victims mitigate the effects, limit the ability of malicious actors to use the same techniques to execute multiple intrusions and better understand the scale of adversary campaigns. Information sharing not only helps the victim but other potential victims as well,” the spokesperson added.

How the portal works

CISA uses NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, to provide guidance on how to define a cyber incident. These include:

•    Attempts to gain unauthorized access to a system or its data
•    Unwanted disruption or denial of service
•    Abuse or misuse of a system or data in violation of policy

The portal covers more than just cyber incidents. Users can also report malware, software vulnerabilities, threat indicators and government website vulnerabilities. One exception to what can be reported from the CISA Services Portal: Users reporting a cyberattack on the critical infrastructure are instructed to follow a different submission link per CIRCIA requirements.

When you click on the link to report an incident, it will walk you through the process, from identification of the organization to detailed incident description to the technical aspects associated with the incident.

What makes this portal different

There are a lot of different breach reporting portals and websites out there, so what makes CISA’s different? First, it is completely voluntary and open to all entities across the country to use, but it is also a stand-alone government portal. It does not replace any reporting processes required by federal, state, local and/or industry regulations. An organization required to report a breach to the FTC or FCC, for example, will still have to follow those procedures.

Reporting can be done on behalf of an organization or by an individual user. Users can set up an account and use the portal to chat with CISA about their cybersecurity questions and concerns. Reports filed can be saved, updated and shared.

What truly makes CISA’s portal unique is the agency’s ability to assist in an organization’s incident response and recovery efforts. This is especially vital for small and medium-sized businesses that may not have the resources to mitigate an incident efficiently.

Again, even though reporting to CISA is not mandatory, the agency encourages all organizations and entities to voluntarily report cyber incidents or anomalous activity. CISA does ask anyone reporting an incident to have as much information as possible about the breach and mitigation efforts. The agency has produced a guide to help victims prepare to make their reports.

“Any organization experiencing a cyberattack or incident should report it – for its own benefit and to help the broader community. CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene in a formal statement covering the portal’s announcement.

More from News

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts…

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today