For years, CISA served as a meaningful resource for organizations outside the enterprise security tier — threat intelligence sharing, incident response support, vulnerability advisories, regional coordination, and cybersecurity assessments available at no cost to critical infrastructure operators and public sector entities. That resource base has eroded significantly, and the organizations that haven’t adjusted their programs…
The Cyber Incident Reporting for Critical Infrastructure Act has been in a holding pattern since CISA missed its original October 2025 deadline. The final rule is now expected in May 2026. If you’ve been treating CIRCIA as a future problem, that window is closing fast. RSA This post isn’t about what CIRCIA says in theory.…