221114 CIRCIA RFI USCC Comments Final
Vice President, Cybersecurity Policy Cyber, Intelligence, and Security Division U.S. Chamber of Commerce
Published
November 16, 2022
November 14, 2022
The Honorable Jen Easterly
Director
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Washington, DC 20528
Dear Director Easterly:
Re: Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Docket No. CISA-2022-0010)
The U.S. Chamber of Commerce welcomes the opportunity to comment on the Cybersecurity and Infrastructure Security Agency’s (CISA’s) request for information (RFI) on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). We appreciate the engagement that CISA has had with the Chamber on this law and the forthcoming rule.1
The Chamber especially recognizes CISA’s engagement with industry on a number of the programmatic details, such as the definitions and the contents of reports. CISA’s recent outreach to the business community has incorporated nearly a dozen public listening sessions—including in Salt Lake City and Kansas City—to receive input on the best approaches to implementing various aspects of the agency’s new regulatory authority under CIRCIA.2
The Chamber does not attempt to address each question in the RFI, which covers an array of topics that will take more time than the comment period to fully consider and offer a response. Instead, we offer input on key themes and specific issues (e.g., see Appendix I) that tend to be spotlighted by several industry organizations.
Thank you for the opportunity to provide CISA with comments on the proposed rule. If you have any questions or need more information, please do not hesitate to contact Matthew Eggers (meggers@uschamber.com).
Sincerely,
Matthew J. Eggers
Vice President
Cyber, Space, and National Security Policy Division
U.S. Chamber of Commerce
221114 CIRCIA RFI USCC Comments Final
About the authors
Matthew J. Eggers
Matthew J. Eggers is vice president of cybersecurity policy in the Cyber, Intelligence, and Security division at the U.S. Chamber of Commerce.