New collection (Request for a new OMB Control Number)
No
Emergency
06/30/2021
06/23/2021
Requested
Previously Approved
6 Months From Approved
1,184
0
296
0
0
0
The Pilot assists consumers and SMBs
by standardizing the reporting mechanism for cyber incidents and
providing a catalog of resources and a directory of relevant SLTT
entities to respond to cyber incidents. This Pilot will help ensure
SLTT agencies are better prepared to support consumers and SMBs
following a cyber incident. In addition, in coordination with pilot
partners, this Pilot will allow CISA to (1) identify the
effectiveness of using a standardized cyber incident reporting
form; (2) analyze incident trends and form suitability; and (3)
identify if the Pilot could be operationalized on a national level.
The SLTT Incident Collection Form is a voluntary form that will be
posted on fraudsupport.org, a public-facing website operated by the
Cybercrime Support Network (the organization awarded a cooperative
agreement to conduct the Pilot).
There has been a
quantifiable increase in scams and malicious activity with themes
related to Coronavirus Disease 2019 (COVID-19). Malicious cyber
actors are targeting individuals, small businesses, State, Local,
Tribal and Territorial (SLTT) governments, and other entities with
COVID-19-related scams and phishing campaigns. With the rollout of
the vaccine over the coming month, the scams and attacks have grown,
and will continue to grow, more significant and worse. CISA knows
that most cyber incidents go unreported, which is why we are
exploring ways to increase reporting through the Form. Currently,
the pilot’s form will include only 5 states, but (1) for those
states, only one of which has a current statewide form, it will
provide a way to identify potential crimes so that law enforcement
can take action, and (2) for CISA, it will provide critical
information on the scope and scale of attacks, not to mention
changes in tactics by malicious cyber actors, so that we can adjust
our programs in the short term to help SLTTs address COVID-19-related
and more general cybersecurity issues. There is currently no standard mechanism by
which individuals and small businesses can report cyber incidents.
A primary result is an incomplete understanding of both the
totality of incidents and the tactics, techniques and procedures
deployed by malicious cyber actors. To begin to address this gap,
CISA launched the SLTT Incident Reporting and Threat Information
Sharing Pilot to advance nationwide cyber incident response
capabilities and efforts to respond to cyber incidents by
standardizing the reporting structure and mechanism. A cooperative
agreement was awarded to the Cybercrime Support Network to identify
ways to improve individual reporting of cyber incidents and the
delivery of assistance to victims. A primary objective is to
evaluate methods to standardize reporting structures and
mechanisms. CISA developed the Form as part of a prototype process
to voluntarily collect cyber incident information. As the data
collection mechanism, the Form provides a secure, standardized,
web-enabled means for individuals and small businesses to report
cyber incidents. The data collection phase of the pilot is only
expected to last for three months and will include up to 5 states.
CISA, through the awardee, will provide detailed incident data to
the appropriate state agencies for investigation. More broadly,
pilot participants will be provided generalized trend analysis to
help them better understand the increased vulnerabilities. CISA
will receive both generalized trend analysis and details on the
Form’s usability. CISA will not receive individual incident
reports. In addition to supporting SLTT agencies and CISA in
addressing cyber incidents related to COVID-19, an added benefit of
expedited approval is that lessons learned from the pilot will be
incorporated into CISA’s standard PRA approval submission in the
future. This will make for a much more complete and informed
submission.
US Code: 6 USC 652(e)(1)(C) Name of Law: Cybersecurity and Infrastructure Security Agency Act of 2018
PL: Pub.L. 115 - 278 Cybersecurity and Infrastructu Name of Law: Cybersecurity and Infrastructure Security Agency Act of 2018
US Code: 6 USC 652 Name of Law: Cybersecurity and Infrastructure Security Agency
US Code: 6 USC 659 Name of Law: National cybersecurity and communications integration center
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number.
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.