Heather Hogsett, Senior Vice President of Technology and Risk Strategy for BITS, testified before the House Subcommittee on Cybersecurity and Infrastructure Protection regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). In her remarks, Hogsett called for significant changes to the proposed rule to enhance its effectiveness for both the government and industry.
Hogsett emphasized the need for revisions in the proposed rule, stating, “CISA should rewrite its proposed rule to avoid collecting more data than necessary and requiring cyber defenders to spend their time filing reports rather than protecting America’s financial system.” She highlighted the importance of moving away from reporting for the sake of reporting and towards providing timely and actionable alerts to strengthen national security and safeguard the financial system.
The recommendations put forth by Hogsett include raising the reporting standards to prevent over-reporting, developing the capabilities to analyze and interpret data for timely threat mitigation, and ensuring the protection and careful sharing of sensitive information collected by CISA.
Furthermore, Hogsett urged Congress to address the Securities and Exchange Commission’s cyber incident disclosure rule, which she believes undermines the goals of CIRCIA. She emphasized the risks associated with premature disclosure of threats by companies, which can expose them to additional harm and increase the spread of contagion across sectors.
The Bank Policy Institute, represented by Hogsett, is a nonpartisan group that advocates for the financial services industry on cybersecurity and fraud issues. For those interested in accessing a copy of the testimony, more information can be found on their website.