AGA Files Comments on Department of Homeland Security Cyber Incident Reporting Proposed Rule 

WASHINGTON – The American Gas Association (AGA), in collaboration with other energy trade associations, has submitted comments in response to the Proposed Rule related to the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) reporting requirements released by the Cybersecurity and Infrastructure Security Agency (CISA) on April 4, 2024. These comments commend CISA for its focus on cybersecurity incidents that ‘actually jeopardize’ systems and provide recommendations to refine the reporting requirements.  

“We recognize the criticality of our infrastructure and that it is an attractive target for bad actors,” said AGA VP, Security and Operations Kimberly Denbow. “The preliminary hours of a confirmed cyber incident that actually jeopardizes our critical systems is crucial. Our comments focus on ensuring the reporting requirements meet the needs of the federal government but do not hinder our mitigation and response efforts.” 

To maximize the utility of the CIRCIA program, the comments recommend that CISA: 

Adopting these recommendations would enhance the effectiveness of the CIRCIA program and help ensure the program addresses high risk cybersecurity threats without imposing unnecessary burdens on critical infrastructure entities. AGA looks forward to continued collaboration with CISA on this issue. AGA’s full comments can be accessed here