September 30, 2024 By Sue Poremba 2 min read

Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal.

“The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information
on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement.

“Reported incidents enable CISA and our partners to help victims mitigate the effects, limit the ability of malicious actors to use the same techniques to execute multiple intrusions and better understand the scale of adversary campaigns. Information sharing not only helps the victim but other potential victims as well,” the spokesperson added.

How the portal works

CISA uses NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide, to provide guidance on how to define a cyber incident. These include:

•    Attempts to gain unauthorized access to a system or its data
•    Unwanted disruption or denial of service
•    Abuse or misuse of a system or data in violation of policy

The portal covers more than just cyber incidents. Users can also report malware, software vulnerabilities, threat indicators and government website vulnerabilities. One exception to what can be reported from the CISA Services Portal: Users reporting a cyberattack on the critical infrastructure are instructed to follow a different submission link per CIRCIA requirements.

When you click on the link to report an incident, it will walk you through the process, from identification of the organization to detailed incident description to the technical aspects associated with the incident.

What makes this portal different

There are a lot of different breach reporting portals and websites out there, so what makes CISA’s different? First, it is completely voluntary and open to all entities across the country to use, but it is also a stand-alone government portal. It does not replace any reporting processes required by federal, state, local and/or industry regulations. An organization required to report a breach to the FTC or FCC, for example, will still have to follow those procedures.

Reporting can be done on behalf of an organization or by an individual user. Users can set up an account and use the portal to chat with CISA about their cybersecurity questions and concerns. Reports filed can be saved, updated and shared.

What truly makes CISA’s portal unique is the agency’s ability to assist in an organization’s incident response and recovery efforts. This is especially vital for small and medium-sized businesses that may not have the resources to mitigate an incident efficiently.

Again, even though reporting to CISA is not mandatory, the agency encourages all organizations and entities to voluntarily report cyber incidents or anomalous activity. CISA does ask anyone reporting an incident to have as much information as possible about the breach and mitigation efforts. The agency has produced a guide to help victims prepare to make their reports.

“Any organization experiencing a cyberattack or incident should report it – for its own benefit and to help the broader community. CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene in a formal statement covering the portal’s announcement.

More from News

CISA warns about credential access in FY23 risk & vulnerability assessment

3 min read - CISA released its Fiscal Year 2023 (FY23) Risk and Vulnerability Assessments (RVA) Analysis, providing a crucial look into the tactics and techniques threat actors employed to compromise critical infrastructure. The report is part of the agency’s ongoing effort to improve national cybersecurity through assessments of vulnerabilities in key sectors. Meanwhile, IBM’s X-Force Threat Intelligence Index 2024 has identified credential access as one of the most significant risks to organizations. Both reports shed light on the persistent and growing threat of…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Are new gen AI tools putting your business at additional risk?

3 min read - If you're wondering whether new generative artificial intelligence (gen AI) tools are putting your business at risk, the answer is: Probably. Even more so with the increased use of AI tools in the workplace. A recent Deloitte study found more than 60% of knowledge workers use AI tools at work. While the tools bring many benefits, especially improved productivity, experts agree they add more risk. According to the NSA Cybersecurity Director Dave Luber, AI brings unprecedented opportunities while also presenting…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today