
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released proposed regulations requiring covered critical infrastructure owners and operators to disclose cybersecurity and ransomware incidents. The 447-page notice of proposed rulemaking, which will be formally published in the Federal Register on April 4, kicks off a 60-day period of comment before CISA is required to publish a final rule in 18 months. The pending regulations are mandated by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which President Biden…