CISA has released a new webpage and fact sheet—CFATS: Reporting Cyber Incidents—to help high-risk chemical facilities identify critical cyber systems and know how and when to report significant cyber incidents under Risk-Based Performance Standard (RBPS) 8 – Cyber and RBPS 15 – Reporting of Significant Security Incidents.
Once a cyber incident has been detected and response measures in the facility’s security plan have been initiated, high-risk facilities are required to report significant cyber incidents to CISA via CISA Central (firstname.lastname@example.org) in accordance with their Site Security Plan (SSP) or Alternative Security Program (ASP). When contacting CISA Central, facilities should indicate they are “critical infrastructure” and within the Chemical Sector. Facilities should also include a description of the incident, indicate that they are regulated under CFATS, and include the facility identification number (i.e., FID) issued to them by CISA when they registered their facility in the Chemical Security Assessment Tool (CSAT).
Sharing information about cyberattacks is integral as warnings of attacks, incidents, and network abnormalities can prevent additional attacks, reduce the number of victims, and lessen the impact to the industry at-large.
If you have any questions, please contact your local Chemical Security Inspector (CSI) or email CFATS@hq.dhs.gov.