The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new streamlined cyber incident reporting portal featuring enhanced reporting and security features, as well as a new “collaboration” function that allows users to have informal discussions with CISA.
The CISA Services Portal, announced on Aug. 29, is part of CISA’s ongoing effort to improve cyber incident reporting, the agency said.
“Any organization experiencing a cyberattack or incident should report it – for its own benefit, and to help the broader community. CISA and our government partners have unique resources and tools to aid with response and recovery, but we can’t help if we don’t know about an incident,” Jeff Greene, the executive assistant director for cybersecurity at CISA, said in a statement.
“Sharing information allows us to work with our full breadth of partners so that the attackers can’t use the same techniques on other victims, and can provide insight into the scale of an adversary’s campaign,” the statement continued.
The portal includes integration with Login.gov credentials, providing “enhanced functionality” for users. It also allows users to save and update reports, share reports with third parties, and search and filter reports. An additional collaboration feature allows users to speak informally with CISA.
Users can submit reports on incidents, phishing attempts, malware, and vulnerabilities according to the portal.
CISA has also released a voluntary cyber incident reporting resource to accompany the launch of the portal to help those considering submitting a report “understand ‘who’ CISA recommends report an incident, ‘why and when’ CISA recommends they report, as well as ‘what and how to report.’”
“Our lives and our work have become increasingly digitized,” the resource states. “Today, nation-state backed cyber actors, cybercriminals, and other threat actors have much wider opportunities to sneak into networks and steal or ransom sensitive information and critical data, position themselves to disrupt service at a time of their choosing, and otherwise wreak havoc.”
According to the resource, CISA requests that those using the portal be able to provide details on the impacted entity, incident description, vulnerabilities, tactics, impact, technical indicators, and mitigation steps when submitting a report.
The portal launch is part of CISA gearing up for its Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which will require organizations to report cyber incidents to CISA – currently all reports are voluntary. The rule must be finalized by October 2025 with organizations likely required to report incidents starting in early 2026.
The rule will require organizations across all critical infrastructure sectors to report incidents to CISA within 72 hours and ransomware attacks within 24 hours. Over 300,000 organizations will be required to submit reports once the act is finalized, according to CISA estimates.
