Scott Aronson emphasizes impact of CIRCEA at cybersecurity subcommittee hearing

The U.S. House Committee on Homeland Security convened on March 12, 2025, to discuss the critical topic of cyber regulatory harmonization, particularly focusing on the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCEA). The meeting featured testimony from key industry leaders, including Scott Aronson from the Edison Electric Institute, Heather Hogshead from the Bank Policy Institute, and others, who emphasized the importance of effective cybersecurity measures for the nation's critical infrastructure.

Aronson, serving as senior vice president for energy security at EEI, highlighted the significance of CIRCEA in enhancing the security of the energy sector. He noted that incident reporting is essential for identifying threats and mitigating risks across various sectors. Aronson urged the committee to ensure that the Cybersecurity and Infrastructure Security Agency (CISA) implements CIRCEA effectively, emphasizing the need for a finalized rule that aligns with congressional intent and incorporates industry feedback. He expressed concerns that the proposed rule could overburden even the most mature sectors if finalized without adjustments.

Hogshead echoed these sentiments, representing the interests of major financial institutions. She stressed the necessity for collaboration between industry and government to address cybersecurity threats while allowing teams to focus on immediate incident responses and the adoption of new technologies. Hogshead pointed out that current regulations often hinder these efforts, detracting from the essential work needed to protect vital infrastructure.

The discussions underscored a shared commitment among industry leaders to work with CISA and other stakeholders to refine cybersecurity regulations. Key recommendations included conducting oversight on the status of CIRCEA, improving coordination among congressional committees, clarifying CISA's role in regulatory harmonization, and reauthorizing the Cybersecurity Information Sharing Act of 2015.

The meeting concluded with a call for continued collaboration between the public and private sectors to enhance the security of critical infrastructure, which is vital for national security and the well-being of communities across the nation. As the landscape of cyber threats evolves, the committee's efforts to refine regulatory frameworks will be crucial in ensuring a robust defense against potential attacks.