{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":300,"width":600,"title":"The Regulatory Shift: How CIRCIA and NIST are Redefining Cyber Defense with Sara Friedman","description":"Cyber incident reporting is about to become mandatory for much of critical infrastructure\u2014and the details are where the fight is. On February 26th, Frank Cilluffo spoke with Inside Cybersecurity managing editor Sara Friedman about CIRCIA\u2019s proposed reporting rules, what industry says is overbroad, and why the 72-hour clock is hard in the real world. They also dig into overlap with other federal requirements, CISA\u2019s capacity to execute the rulemaking, and what \u201cgetting it right\u201d means for public-private trust. The conversation then pivots to NIST, AI agent standards, and how Washington is balancing innovation, security, and competitiveness.  Main Topics Covered   What CIRCIA is designed to do.  Who\u2019s covered and what counts as reportable.  The practical challenge of determining incident facts within 72 hours.  Duplication concerns across rules, including SEC cyber disclosure timelines.  Whether CISA has the staffing and leadership capacity to deliver.  NIST\u2019s role in AI agent standards and broader cyber \u201crules of the road.\u201d   Key Quotes \u201cCISA was supposed to have voluntary partnerships\u2026 And with this new role, CISA is moving into more of a regulator role.\u201d \u2014Sara Friedman \u201cThis rulemaking, when it was put out, it's over 400 pages. 
There's a lot in there.\u201d \u2014 Sara Friedman \u201cHouse Homeland Security Chairman Andrew Garbarino threatened to, if the rulemaking does not meet congressional intent\u2026to potentially roll this back.\u201d \u2014 Sara Friedman \u201cWhen there's a large attack on critical infrastructure, it just seems to wake up lawmakers in some ways that they need to be able to do something.\u201d \u2014Sara Friedman \u201cThey've shed about a third of their workforce\u2026One of the questions is, does CISA have the capacity that they need for this rulemaking and to do it effectively?\u201d \u2014Sara Friedman Relevant Links and Resources CIRCIA town halls scheduled for March: https:\/\/insidecybersecurity.com\/share\/17759 When the CIRCIA NPRM was published: https:\/\/insidecybersecurity.com\/share\/15688 RSA 2024 panel on the rulemaking: https:\/\/insidecybersecurity.com\/share\/15832 NIST launches AI Agent Standards initiative: https:\/\/insidecybersecurity.com\/share\/17775 NIST AI security request for information: https:\/\/insidecybersecurity.com\/share\/17654 NIST work on an AI profile for the Cybersecurity Framework:  https:\/\/insidecybersecurity.com\/daily-news\/stakeholders-weigh-ai-considerations-cybersecurity-nist-workshop-draft-framework-profile  Guest Bio Sara Friedman is the managing editor of Inside Cybersecurity and has covered federal cybersecurity policy for years, including CIRCIA, NIST standards, and related rulemakings. 
","author_name":"Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure","author_url":"https:\/\/mccraryinstitute.com\/podcast\/","html":"<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/40297565\/height\/300\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/88AA3C\/\" height=\"300\" width=\"600\" scrolling=\"no\"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen><\/iframe>","thumbnail_url":"https:\/\/assets.libsyn.com\/secure\/content\/199168675"}