The Cybersecurity and Infrastructure Security Agency (CISA) announced its Voluntary Cyber Incident Reporting portal is now live. This portal is part of an ongoing effort to support cyber incident reporting, providing users with resources to help them understand who should report cyber events, when and why these incidents should be reported, what to report, and how to report. Additionally, CISA is providing resources to help entities reduce cyber risk. 

Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start, comments, “The launch of CISA’s Voluntary Cyber Incident Reporting portal marks a critical step in enhancing the United States’ cybersecurity efforts by encouraging organizations to report incidents proactively. This portal addresses the long-standing challenge of underreporting, driven by concerns over reputational damage and regulatory repercussions. By offering a secure and voluntary reporting mechanism, CISA aims to collect real-time data that will improve threat intelligence and incident response. 

“The portal fosters trust between the public and private sectors, making entities more likely to participate and share valuable information. The necessity of this portal is underscored by the increasingly complex cyber threat landscape, where timely reporting can significantly impact national security. Additionally, the portal may influence future regulatory frameworks, encouraging organizations to report incidents now to stay ahead of potential compliance requirements. Overall, this tool is crucial for improving both immediate responses to cyber incidents and long-term strategic planning.” 

Although this portal by the CISA is intended to improve incident reporting, some security experts question how effective it will truly be. Heath Renfrow, Co-founder or Fenix24, remarks, “I appreciate what CISA is trying to do. With the majority of cyberattacks never being publicly disclosed, there is a lot of intelligence being missed. However, I do not believe there will be much use for this portal due to legal liability and reputational concerns. This database will be a big target for threat actors who want to embarrass the federal government. Imagine being able to breach a database where companies anonymously share their cyberattack details, and a threat actor threatening to leak that info to the world. The incident response community has all the same information CISA has and consists of the experts brought into cyber incidents (lawyers, data forensics, negotiations, communications and recovery). These are probably the partners CISA should be looking to for intelligence, rather than the everyday victim.”

Nonetheless, many security leaders believe this is a step in the right direction. Mr. Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens, states, “One of the key challenges we face is the lack of transparency amongst the affected organizations and the lack of clarity on how an attack happened and what could be done to address it foundationally. For example, when we reviewed the top 5 OT cyber-attacks, we realized that almost every company was compelled to shut down their systems as a first response, for some, it was planned, and for most others, it was the first thing their collective intelligence could think about. Today we know that if they had planned for cyber defense and become breach-ready by intelligently zoning and micro-segmenting, they could have continued business operations while quarantining the cyber-attack as a planned action. 

“We laud this initiative by CISA, and we hope that affected organizations can learn from each other to form a larger community to build breach readiness as an inherent capability to take the first step to combat the cyber attacking economy. This initiative can succeed only if Federal and non-Federal agencies come together to build breach-ready cyber defense capabilities that can positively impact the economy, public health, and national security.”