White House Backs Harmonizing Cybersecurity Regulation

Matt Bracken, reporting in Cyberscoop, writes that at a recent hearing before the Senate Homeland Security and Governmental Affairs Committee, lawmakers and witnesses criticized the complicated cybersecurity regulation patchwork that hinders the private sector’s ability to fight threats. They agreed that cybersecurity regulation must be harmonized.

The hearing came a day after the Office of the National Cyber Director issued a report in response to a request for information on the regulatory harmonization of cybersecurity. Nicholas Leiserson, the Biden administration’s Assistant National Cyber Director For Cyber Policy, said “Regulatory harmonization is a problem that has existed for decades but the trend line is generally heading toward more fragmentation.”

A draft bill from Committee member Sen. Gary Peters of Michigan was cited as a way to remedy the problem. It calls for the creation of an interagency committee to coordinate cybersecurity regulation. Leiserson said the bill would allow the Office of the National Cyber Director to carry out its mission “by bringing independent regulatory commissions to the table together with the interagency in a policymaking process.”

Peters pointed out that federal regulators have passed 48 rules on cybersecurity standards over the past four years. He said that without a higher level of coordination “there is no way to ensure that these guidelines don’t overlap, duplicate, or quite simply contradict each other.” Sen. James Lankford of Oklahoma echoed his concerns.

The lack of federal cyber harmonization negatively impacts the ability of U.S. companies to compete internationally, according to Leiserson. European firms only need to worry about operating under the E.U. framework, he noted, and with Russia and China attacking U.S. critical infrastructure, streamlining standards is even more important.