CISA delays cyber incident reporting town halls due to shutdown - Federal News Network
Federal News Network
Archived Jun 10, 2026
✓ Full text saved
CISA delays cyber incident reporting town halls due to shutdown Federal News Network
Full text archived locally
CYBERSECURITY
CISA delays cyber incident reporting town halls due to shutdown
CISA had been planning to hold the town halls starting on Monday. The shutdown is "likely" to also delay issuance of the final cyber incident reporting rule.
Justin Doubleday@jdoubledayWFED
March 9, 2026 2:25 pm
The Cybersecurity and Infrastructure Security Agency is postponing meetings with industry on a forthcoming cyber incident reporting rule due to the ongoing Department of Homeland Security shutdown.
The shutdown is also “likely” to delay the final Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule, CISA confirmed today.
In a notice posted to its website, CISA said it won’t be able to hold planned town halls on CIRCIA due to the lapse in appropriations. The town halls were scheduled for today, March 9, through early April.
Nick Andersen, acting CISA director, blamed the postponement on the “Democrats’ shutdown of DHS” in a statement provided to Federal News Network. The DHS-specific shutdown began on Feb. 14 over disagreements between Senate Democrats and the White House over immigration enforcement reforms.
Join us June 10 and 11 for Federal News Network's Cloud Exchange where agency and industry leaders will discuss a whole-of-government approach to cloud modernization. Register today!
“Once the appropriations lapse has concluded, CISA will issue an updated notice with a revised town hall schedule and share the schedule on cisa.gov/circia,” Andersen said. “The continued delays associated with the shutdown will likely result in a delay to the issuance of the final rule.”
CISA had planned on hosting a series of virtual meetings with specific industry sectors, as well as two general meetings, starting today, March 9, through early April.
The meetings were expected to give representatives from across critical infrastructure sectors, as well as other members of the public, a chance to provide CISA with more feedback on the landmark CIRCIA rules.
The reporting rules will apply across 16 critical infrastructure sectors, ranging from electric utilities and water systems to hospitals and chemical facilities. Under the regulations, entities will have to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.
CISA issued proposed regulations in 2024 under the Biden administration. Last year, the Trump administration delayed issuance of the final CIRCIA rule to get more feedback on the regulations.
When announcing the town halls in February, CISA said the engagements would provide a “a limited additional opportunity to provide input on refining the scope and burden” of the rule.
In a Feb. 17 note to clients, lawyers with Mayer Brown wrote that the rulemaking “has significant implications for companies across many sectors,” adding that “companies would be wise to view this notice as a signal that the CIRCIA rulemaking is moving forward once more.”
Sign up for our daily newsletter so you never miss a beat on all things federal
“Companies should be prepared to revisit their assessments of CIRCIA’s potential impact on their cyber incident response processes to ensure that they are well-positioned to respond if CISA does go forward with a final rule in the coming months,” they wrote.
Many industry groups had criticized CISA’s proposed rule for being too broad in defining what organizations should report cyber incidents to CISA. In the NPRM, the agency estimated the rules will apply to about 300,000 organizations across the country.
Caleb Skeath, a partner at the law firm Covington, said CISA is trying to strike the right balance when it comes to defining which organizations should have to report cyber incidents to the agency.
“Part of the reasoning and thinking for getting this information through an incident reporting requirement is to give CISA a certain degree of visibility across the threat ecosystem, so it’s not necessarily with as much of an enforcement focus as some of the other cyber incident reporting frameworks that we see,” Skeath told Federal News Network. “In that regards, it’s understandable there might be an interest in going fairly broad.”
But, Skeath added, that can be “a double edged sword in certain respects, because if you go too broad, you might end up with more information than you can readily process or absorb.”
Many organizations also criticized how the proposed rule defines a “substantial cyber incident” that must be reported to CISA within 72 hours. The American Hospital Association, for instance, called the rule’s definition “ambiguous, confusing and does not adequately consider the operational realities or complex interconnectedness of the field.”
In the Federal Register notice announcing the town halls, CISA acknowledged issues like the scope of entities covered by the rule and what exactly constitutes a covered cyber incident as “topics of interest” for the upcoming discussions.
“CISA welcomes any specific, actionable improvements that CISA could implement in the final rule to clarify or reduce burden of CIRCIA’s regulatory requirements while enhancing the federal government’s visibility into the cyber threat landscape for critical infrastructure sectors,” CISA wrote in the Federal Register notice.
Read more: Cybersecurity
Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Justin Doubleday
Justin Doubleday covers cybersecurity, homeland security and the intelligence community for Federal News Network.
Follow @jdoubledayWFED
Sign up for breaking news.
Related Stories
Getty Images/amgun
Federal vulnerability management is stuck. A patch wave is coming anyway.
COMMENTARY
Read more
Getty Images/Alex Cristi
CISA chief details hiring progress, AI BOD
CYBERSECURITY
Read more
Republican senators warn surveillance program may lapse after Trump intel pick backlash
CYBERSECURITY
Read more
Related Topics
ALL NEWS CYBER INCIDENT REPORTING FOR CRITICAL INFRASTRUCTURE ACT CYBERSECURITY CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY DEPARTMENT OF HOMELAND SECURITY GOVERNMENT SHUTDOWN NICK ANDERSEN TECHNOLOGY
Around the Web
UPCOMING EVENTS
Federal News Network’s Cloud Exchange 2026
Maximizing Your Federal Retirement Benefits (LIVE EVENT)
Federal capital projects: Strategies for next-generation infrastructure and accountability
Billington CyberSecurity Cyber and AI Outlook Series Episode 6: Securing AI for National Security: Defending Federal and Military AI Systems from Emerging Cyber Threats
Accelerating mission success with strategic AI adoption
More
TOP STORIES
Federal science agencies facing a ‘generational loss,’ nonprofit says
WORKFORCE
GSA reexamining data that shows no building is meeting minimum occupancy target
FACILITIES/CONSTRUCTION
OPM details changes for federal employees in Schedule Policy/Career
WORKFORCE
CISA chief details hiring progress, AI BOD
CYBERSECURITY
VA EHR rollout continues with 4 more deployments
IT MODERNIZATION
HASC challenges Trump's EO ending bargaining rights for DoD workers
CONGRESS