CISA faces resource challenge in implementing cyber reporting rules | CyberScoop<\/title> <meta name=\"description\" content=\"The Cybersecurity and Infrastructure Security Agency\u2019s reporting requirements represent a sea change for when private entities will have to report cybersecurity incidents.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-circia-cyber-incident-reporting\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA faces resource challenge in implementing cyber reporting rules\"> <meta property=\"og:description\" content=\"The Cybersecurity and Infrastructure Security Agency\u2019s reporting requirements represent a sea change for when private entities will have to report cybersecurity incidents.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-circia-cyber-incident-reporting\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-04-02T18:48:01+00:00\"> <meta property=\"article:modified_time\" content=\"2024-04-02T19:00:46+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712084562g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1710965597g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711866546g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79968\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79968\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-circia-cyber-incident-reporting%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-circia-cyber-incident-reporting%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79968 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-circia-cyber-incident-reporting\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.370535714286\">\n<div class=\"single-article__header-content\" readability=\"29.895470383275\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> The Cybersecurity and Infrastructure Security Agency\u2019s reporting requirements represent a sea change for when private entities will have to report cybersecurity incidents. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Light trails on black background. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"75.809840425532\"><body readability=\"153.95958607188\"><\/p>\n<p>After the Cybersecurity and Infrastructure Security Agency\u2019s 447-page proposal for when critical infrastructure entities will have to report breaches landed with a heavy thud last week, experts say that now comes the hard work of figuring out whether the agency has the resources it needs to implement the requirement and digesting the huge amount of data it is about to receive. <\/p>\n<p>Thursday\u2019s <a href=\"https:\/\/cyberscoop.com\/cisa-cyber-incident-reporting-critical-infrastructure\/\">notice of proposed rulemaking<\/a> sets the stage for a landmark shift in how the U.S. government understands the prevalence and severity of cybersecurity incidents. <\/p>\n<p>The Cyber Incident Reporting for Critical Infrastructure Act of 2022 creates for the first time requirements for critical infrastructure owners and operators to notify the government when they have been breached. The proposed rules represent CISA\u2019s guidelines for how and when incidents are reported. <\/p>\n<p>\u201cWe\u2019re in a world where you can have reputable companies issue reports very close in time that show different trends and both of them being right because it\u2019s based on the data they have. That\u2019s a bad place to be because it means that you don\u2019t really have ground truth,\u201d said Michael Daniel, president and CEO of the Cyber Threat Alliance.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Questions like whether the number of ransomware attacks are increasing or decreasing depend on which organization is providing the information and which networks, clients, and datasets they can access. That may work fine for a single company, but when it comes to policy decisions from governments, a patchwork of information is not ideal.<\/p>\n<p>On its face, incident reporting is a seemingly simple request \u2014 certain organizations need to report to CISA if a drastic enough cyber incident occurs \u2014 but the particulars of implementing such a requirement are staggeringly complex. The proposed rules are rife with exceptions, definitions, and rules that are going to face intense scrutiny by the companies that own and operate critical infrastructure. <\/p>\n<p>Beginning this Thursday, industry groups have 60 days to comment on the proposed rules, and one area likely to face particular scrutiny is how CISA defines who is covered by the rules and what defines a reportable incident. <\/p>\n<p>Caleb Skeath, a partner at the law firm Covington & Burling who advises clients on incident response, said \u201cthere is not necessarily bright line differentiators between what is and what is not a covered cyber incident.\u201d<\/p>\n<p>\u201cA lot of these prongs or criteria refer to substantial losses of confidentiality, integrity, or availability or serious impact on safety and resiliency. A lot of that can be in the eye of the beholder and it could be a difficult judgment call to make in the heat of the moment,\u201d Skeath said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Privately, critical infrastructure officials say they are still trying to digest the lengthy proposed rules and attempting to make sense of a huge document. <\/p>\n<p>And experts see the current moment as one in which both the private sector and CISA need to prepare for a set of rules that are going to have a major impact on the work of both government cybersecurity workers and infrastructure owners and operators. <\/p>\n<p>\u201cWe have 18 months before this is going to come into effect. In those 18 months, I think CISA and the private sector need to see this as a ramping-up period,\u201d said Elizabeth Vish, senior director for international cyber engagement at the Institute for Security and Technology.<\/p>\n<p>Infrastructure operators, especially those who currently don\u2019t have a reporting mandate, need to ensure they can quickly report an incident with as much correct information as possible \u2014 while under the duress of attack. <\/p>\n<p>\u201cOn the other side, CISA needs to use these 18 months to build up their capacity to take in information, analyze it, anonymize it, draw out the useful, most important lessons and figure out how to push that information out in a way that helps defend critical infrastructure,\u201d Vish said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CISA already gathers and shares information from industry, but CIRCIA\u2019s reporting requirements will create a massive increase in the information collected by the agency. Analyzing that data and reporting it back out in an actionable way to an industry that has long been skeptical of the quality of information supplied by the federal government represents a major challenge. <\/p>\n<p>\u201cCISA is going to have to do a good job of publishing aggregate statistical data from this,\u201d Daniel said. \u201cThey\u2019re going to have to treat this like they are a statistical agency, in the sense of producing a lot of reports and making it very transparent.\u201d<\/p>\n<p>The agency expects to receive around 25,000 incident reports annually, but due to the lack of quality cybersecurity data, it is difficult to assess the accuracy of that estimate. <\/p>\n<p>The ruling also represents CISA\u2019s first foray into taking on a regulatory role that it has long resisted, a development that may test the collaborative relationships that currently underlie much of the agency\u2019s work. <\/p>\n<p>\u201cI think they can keep the relationships they\u2019re trying to grow, but they have to show utility from what they get the information for,\u201d said Ari Schwartz, managing director of cybersecurity services at Venable LLP and the coordinator for the Cybersecurity Coalition, an industry group. \u201cIf it\u2019s going to be more of the same, there is going to be a lot of skepticism.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ingesting and analyzing incident data may prove challenging to CISA due to recent budget constraints. The agency is increasingly becoming a target for far-right conspiracies and faces <a href=\"https:\/\/www.meritalk.com\/articles\/cisa-taking-34m-budget-slash-for-fy2024\/problem.\">a funding shortfall<\/a> on its CIRCIA-related work. <\/p>\n<p>\u201cI think that there is a question as to whether they really do have the right resources now and have enough money to build the resources to be able to do the analysis that they\u2019re going to need to do in order to make a difference,\u201d Schwartz said.<\/p>\n<p>In a briefing with reporters last week after the release of the proposed rules, a CISA official acknowledged the agency\u2019s funding challenges, saying that the budget for CIRCIA \u201ccame in a little less than our request \u2026 so we\u2019ll be working through exactly what that means.\u201d The official added that they expect CISA to be able to implement the reporting requirements with the funds available.<\/p>\n<p>Among the unanswered questions related to the rule is how CISA plans to use incident reporting data to inform its response work of identifying and mitigating breaches. The proposed rules include references to incident response and mitigation, but it is not clear how CISA plans to approach that issue. <\/p>\n<p>CTA\u2019s Daniel said CISA needs to have a process to filter out potential incident response requests so the agency is not expected to be involved in every incident and only responds to those that reach a certain threshold.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe resource issues are real,\u201d Daniel said. \u201cThat is probably going to be a process in the works \u2014 how you triage through these reports to actually figure out which ones actually require direct government intervention, or attention to, versus just being part of the broader pool of information.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3695652173913\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-circia-cyber-incident-reporting\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA faces resource challenge in implementing cyber reporting rules |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1794,452,293,117,962,439],"tags":[1795,454,299,119,963,443],"class_list":["post-2835","post","type-post","status-publish","format-standard","hentry","category-circia","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-government","category-incident-reporting","category-policy","tag-circia","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-government","tag-incident-reporting","tag-policy"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/circia\/\" rel=\"category tag\">CIRCIA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/incident-reporting\/\" rel=\"category tag\">incident reporting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a>","tag_info":"Policy","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2835"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2835\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2835,"date":"2024-04-02T13:48:01","date_gmt":"2024-04-02T18:48:01","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79968"},"modified":"2024-04-02T13:48:01","modified_gmt":"2024-04-02T18:48:01","slug":"cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/02\/cisa-faces-resource-challenge-in-implementing-cyber-reporting-rules\/","title":{"rendered":"CISA faces resource challenge in implementing cyber reporting rules"},"content":{"rendered":"