<?xml version="1.0" encoding="utf-8"?>
<oembed>
  <version>1</version>
  <type>rich</type>
  <provider_name>Libsyn</provider_name>
  <provider_url>https://www.libsyn.com</provider_url>
  <height>300</height>
  <width>600</width>
  <title>The Regulatory Shift: How CIRCIA and NIST are Redefining Cyber Defense with Sara Friedman</title>
  <description>Cyber incident reporting is about to become mandatory for much of critical infrastructure—and the details are where the fight is. On February 26th, Frank Cilluffo spoke with Inside Cybersecurity managing editor Sara Friedman about CIRCIA’s proposed reporting rules, what industry says is overbroad, and why the 72-hour clock is hard in the real world. They also dig into overlap with other federal requirements, CISA’s capacity to execute the rulemaking, and what “getting it right” means for public-private trust. The conversation then pivots to NIST, AI agent standards, and how Washington is balancing innovation, security, and competitiveness.

Main Topics Covered
What CIRCIA is designed to do.
Who’s covered and what counts as reportable.
The practical challenge of determining incident facts within 72 hours.
Duplication concerns across rules, including SEC cyber disclosure timelines.
Whether CISA has the staffing and leadership capacity to deliver.
NIST’s role in AI agent standards and broader cyber “rules of the road.”

Key Quotes
“CISA was supposed to have voluntary partnerships… And with this new role, CISA is moving into more of a regulator role.” —Sara Friedman
“This rulemaking, when it was put out, it's over 400 pages. There's a lot in there.” —Sara Friedman
“House Homeland Security Chairman Andrew Garbarino threatened to, if the rulemaking does not meet congressional intent…to potentially roll this back.” —Sara Friedman
“When there's a large attack on critical infrastructure, it just seems to wake up lawmakers in some ways that they need to be able to do something.” —Sara Friedman
“They've shed about a third of their workforce…One of the questions is, does CISA have the capacity that they need for this rulemaking and to do it effectively?” —Sara Friedman

Relevant Links and Resources
CIRCIA town halls scheduled for March: https://insidecybersecurity.com/share/17759
When the CIRCIA NPRM was published: https://insidecybersecurity.com/share/15688
RSA 2024 panel on the rulemaking: https://insidecybersecurity.com/share/15832
NIST launches AI Agent Standards initiative: https://insidecybersecurity.com/share/17775
NIST AI security request for information: https://insidecybersecurity.com/share/17654
NIST work on an AI profile for the Cybersecurity Framework: https://insidecybersecurity.com/daily-news/stakeholders-weigh-ai-considerations-cybersecurity-nist-workshop-draft-framework-profile

Guest Bio
Sara Friedman is the managing editor of Inside Cybersecurity and has covered federal cybersecurity policy for years, including CIRCIA, NIST standards, and related rulemakings.</description>
  <author_name>Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure</author_name>
  <author_url>https://mccraryinstitute.com/podcast/</author_url>
  <html>&lt;iframe title="Libsyn Player" style="border: none" src="//html5-player.libsyn.com/embed/episode/id/40297565/height/300/theme/custom/thumbnail/yes/direction/forward/render-playlist/no/custom-color/88AA3C/" height="300" width="600" scrolling="no"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen&gt;&lt;/iframe&gt;</html>
  <thumbnail_url>https://assets.libsyn.com/secure/content/199168675</thumbnail_url>
</oembed>
