Cyber Incident Reporting: i2Coalition Calls for CISA to Advance a Coherent Multistakeholder Approach to CIRCIA’s DNS Exception

A key element of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) enacted in the U.S. is the requirement for covered critical infrastructure sectors—including Internet infrastructure providers—to quickly report, subject to certain exceptions, significant cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA), a part of the U.S. Department of Homeland Security. CISA is now engaged in a comprehensive rulemaking to implement the details of that reporting across multiple sectors in pursuit of CIRCIA’s national security and safety objectives. 

The Internet Infrastructure Coalition (i2Coalition) champions a resilient multistakeholder approach to Internet governance, and fights to maintain that model against proposals for single-level and single-jurisdiction regulation so the Internet can continue to grow and adapt. To that end, we focused our July 3 rulemaking comments with CISA on the proposed implementation of the Domain Name System (DNS) Exception in CIRCIA and the related policy and legal questions that CISA presented in the rulemaking text which are unique to the DNS community.

The overarching points in i2Coalition’s comments are as follows:

• The multistakeholder model of Internet governance should direct the DNS Exception implementation.
• A global DNS reporting process can be created within the existing ICANN governance framework.
• CISA should apply the DNS Exception criteria coherently and consistently.

The i2Coalition comments underscored that DNS registry and registrar functions are global and are already clearly governed by ICANN. A coherent and consistent approach to CIRCIA implementation requires that DNS registry and registrar functions should be exempted from CISA reporting because they are in the scope of the statutory DNS Exception.

You can read the full text of the i2Coalition’s comments on CIRCIA below.

CIRCIA Proposed Rule i2Coalition Comments 7.3.24.docx (5)

About the i2Coalition

The Internet Infrastructure Coalition (i2Coalition) ensures that those who build the infrastructure of the Internet have a voice in public policy. With more than 100 member brands, we are a leading voice for web hosting companies, data centers, domain registrars and registries, cloud infrastructure providers, managed services providers, and related tech. We protect innovation and the continued growth of the Internet’s infrastructure which is essential to the global economy. 

For more in-depth updates on Internet policy, including issues that impact your Internet infrastructure organization, please contact us about joining the i2Coalition.