DHS' recommendations come amid a growing patchwork of cyber incident reporting rules and regulations.