CISA to host industry feedback sessions on cyber incident reporting regulation | CyberScoop<\/title> <meta name=\"description\" content=\"CISA announces sector-by-sector sessions to refine CIRCIA rules. Industry sources have voiced concerns over the delay and lack of dialogue.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-circia-town-halls-cyber-incident-reporting-rule\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA to host industry feedback sessions on cyber incident reporting regulation\"> <meta property=\"og:description\" content=\"CISA announces sector-by-sector sessions to refine CIRCIA rules. Industry sources have voiced concerns over the delay and lack of dialogue.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-circia-town-halls-cyber-incident-reporting-rule\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-12T17:09:53+00:00\"> <meta property=\"article:modified_time\" content=\"2026-02-12T17:12:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1438\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770755286g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87763\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87763\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-circia-town-halls-cyber-incident-reporting-rule%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-circia-town-halls-cyber-incident-reporting-rule%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87763 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-circia-town-halls-cyber-incident-reporting-rule\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.949494949495\">\n<div class=\"single-article__header-content\" readability=\"33.486486486486\">\n<p> One industry official told CyberScoop the town halls are probably not what CIRCIA needs right now. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87763\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"479\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation.jpg?resize=640%2C479&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=768,575 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=1024,767 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=1536,1150 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=600,449 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=450,337 450w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=901,675 901w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-2.jpg?resize=1126,843 1126w\" sizes=\"(max-width: 901px) 100vw, 901px\"><figcaption> liu mingzhu, Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"25.527500804117\"><body readability=\"53.210720887246\"><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency will hold sector-by-sector town halls in the coming weeks to get feedback on a stalled regulation requiring critical infrastructure owners and operators to report when they suffer major cyberattacks.<\/p>\n<p><a href=\"https:\/\/public-inspection.federalregister.gov\/2026-02948.pdf\">The meeting dates<\/a>, set to be published in the Federal Register Friday, would \u201callow external stakeholders a limited additional opportunity to provide input on refining the scope and burden\u201d of a proposed rule that CISA is advancing as part of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) that Congress enacted in 2022.<\/p>\n<p>That law requires critical infrastructure owners and operators to notify CISA within 72 hours when they are hit with a significant cyberattack and within 24 hours when they make a ransomware payment.<\/p>\n<p>But defining what entities the law would specifically cover and how has been a <a href=\"https:\/\/cyberscoop.com\/cisa-circia-critical-infrastructure-reporting-letter\/\">point of contention<\/a>. The Trump administration moved a deadline to complete the rule last year, saying it would <a href=\"https:\/\/cyberscoop.com\/cisa-pushes-final-cyber-incident-reporting-rule-to-may-2026\/\">delay finalizing the rule<\/a> until May.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Among the specific topics CISA wants comment on during the virtual town halls are proposed sector-based criteria for whom the regulations apply to; how to handle small businesses; how to consider chemical plants in light of a <a href=\"https:\/\/www.meritalk.com\/articles\/cisa-chief-nations-chemical-security-posture-at-risk\/\">chemical plant security law<\/a> lapsing; the list of example incidents that would meet the law\u2019s reporting requirements; and how to reduce conflicts with existing regulations.<\/p>\n<p>After the sector-by-sector meetings, CISA would hold general sessions on March 31 and April 2.<\/p>\n<p>One industry source, granted anonymity to speak candidly, said they weren\u2019t aware the additional sessions were coming until Thursday\u2019s Federal Register notice and it \u201cwould have been nice\u201d to know it was coming.<\/p>\n<p>They also told CyberScoop they weren\u2019t sure the town halls were what CIRCIA needed right now.<\/p>\n<p>\u201cIndustry has already been very vocal about what we think needs to be addressed in the final rule,\u201d the source said. \u201cWe want some back and forth, give and take to better understand what CISA may view as its limitations in implementing the rule.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAnd to me, a town hall where you\u2019re asking for more input isn\u2019t what we need at this point. We want a dialogue,\u201d they said.<\/p>\n<p>Speaking to reporters at a conference last week about the timeline on CIRCIA releasing a final rule, CISA official Nick Andersen said that \u201cI think that we\u2019ll have some news on CIRCIA in pretty short order in the next couple of weeks, hopefully.\u201d Andersen, executive assistant director for cybersecurity at the agency, said he couldn\u2019t say more at the time on whether CISA would continue the existing rulemaking process or undertake a new one.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-circia-town-halls-cyber-incident-reporting-rule\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA to host industry feedback sessions on cyber incident reporting<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5937,1794,452,117,439,46,817,3600],"tags":[5938,1795,454,119,443,54,821,3603],"class_list":["post-8346","post","type-post","status-publish","format-standard","hentry","category-chemical-plants","category-circia","category-cybersecurity-and-infrastructure-security-agency-cisa","category-government","category-policy","category-ransomware","category-regulation","category-small-business","tag-chemical-plants","tag-circia","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-government","tag-policy","tag-ransomware","tag-regulation","tag-small-business"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chemical-plants\/\" rel=\"category tag\">chemical plants<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/circia\/\" rel=\"category tag\">CIRCIA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/regulation\/\" rel=\"category tag\">regulation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/small-business\/\" rel=\"category tag\">small business<\/a>","tag_info":"small business","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8346"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8346\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8346,"date":"2026-02-12T11:09:53","date_gmt":"2026-02-12T17:09:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87763"},"modified":"2026-02-12T11:09:53","modified_gmt":"2026-02-12T17:09:53","slug":"cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/12\/cisa-to-host-industry-feedback-sessions-on-cyber-incident-reporting-regulation\/","title":{"rendered":"CISA to host industry feedback sessions on cyber incident reporting regulation"},"content":{"rendered":"