Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal.
“The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information
on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement.
“Reported incidents enable CISA and our partners to help victims mitigate the effects, limit the ability of malicious actors to use the same techniques to execute multiple intrusions and better understand the scale of adversary campaigns. Information sharing not only helps the victim but other potential victims as well,” the spokesperson added.
How the portal works
CISA uses NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, to provide guidance on how to define a cyber incident. These include:
• Attempts to gain unauthorized access to a system or its data
• Unwanted disruption or denial of service
• Abuse or misuse of a system or data in violation of policy
The portal covers more than just cyber incidents. Users can also report malware, software vulnerabilities, threat indicators and government website vulnerabilities. One exception to what can be reported from the CISA Services Portal: Users reporting a cyberattack on the critical infrastructure are instructed to follow a different submission link per CIRCIA requirements.
When you click on the link to report an incident, it will walk you through the process, from identification of the organization to detailed incident description to the technical aspects associated with the incident.
What makes this portal different
There are a lot of different breach reporting portals and websites out there, so what makes CISA’s different? First, it is completely voluntary and open to all entities across the country to use, but it is also a stand-alone government portal. It does not replace any reporting processes required by federal, state, local and/or industry regulations. An organization required to report a breach to the FTC or FCC, for example, will still have to follow those procedures.
Reporting can be done on behalf of an organization or by an individual user. Users can set up an account and use the portal to chat with CISA about their cybersecurity questions and concerns. Reports filed can be saved, updated and shared.
What truly makes CISA’s portal unique is the agency’s ability to assist in an organization’s incident response and recovery efforts. This is especially vital for small and medium-sized businesses that may not have the resources to mitigate an incident efficiently.
Again, even though reporting to CISA is not mandatory, the agency encourages all organizations and entities to voluntarily report cyber incidents or anomalous activity. CISA does ask anyone reporting an incident to have as much information as possible about the breach and mitigation efforts. The agency has produced a guide to help victims prepare to make their reports.
“Any organization experiencing a cyberattack or incident should report it – for its own benefit and to help the broader community. CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene in a formal statement covering the portal’s announcement.