The U.S. government is considering new cybersecurity reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act, which mandates quick incident and ransom payment reports to the Cybersecurity and Infrastructure Security Agency. The domain name registry business Identity Digital argues that registries and registrars should be exempt from direct government reporting and instead report incidents to ICANN.
They believe ICANN, as a global body with a robust compliance program, is better suited to handle standardized cyber incident reporting for the domain industry, thus preserving the open, interoperable nature of the internet.
