August 5, 2024
Lankford Bill to Harmonize Federal Cybersecurity Regulations Moves Forward
OKLAHOMA CITY, OK — The Senate Homeland Security and Governmental Affairs Committee voted to advance a bill introduced by Senators James Lankford (R-OK) and Gary Peters (D-MI) to establish a comprehensive framework for streamlining cybersecurity regulations across the federal government. The bill would mitigate challenges associated with conflicting, contradictory cybersecurity compliance requirements by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD).
“Bureaucratic red tape shouldn’t get in the way of preventing a cyberattack, but complicated regulations are making it more difficult to address the major cyber threats facing our national security and critical infrastructure. Harmonizing these efforts will make sure that federal requirements are focused on actually improving security instead of imposing a convoluted set of compliance challenges,” said Lankford.
“Cybersecurity is one of the greatest challenges we face, but overlapping and conflicting federal cybersecurity regulations can hinder our ability to protect against and respond to rapidly-evolving cyberattacks,” said Peters. “My bipartisan bill will streamline the federal cybersecurity environment and address challenges that our businesses and critical infrastructure operators may face while working with federal agencies to ensure we can effectively respond to cybersecurity threats.”
Last month, Lankford participated in a hearing to examine the current federal efforts to align overlapping federal cybersecurity standards. Witnesses emphasized the significant impact that duplicative or contradictory requirements have on businesses and the need for Congress to take swift action to standardize regulations across critical infrastructure sectors and bring all federal agencies, including independent regulatory agencies, together.
As cyberattacks grow in intensity and frequency, the cybersecurity compliance environment has become increasingly complex as agencies and regulatory bodies work to prevent online attacks. In many instances, rather than promoting increased cybersecurity, the complex, contradictory, and convoluted compliance landscape has forced companies to spend time, money, and expertise on regulatory examinations. By some estimates, cybersecurity teams are spending 40 to 70 percent of their time on compliance rather than improvements to their cybersecurity.
The Streamlining Federal Cybersecurity Regulations Act would address the challenges associated with multiple regulatory regimes by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD). The bill requires the committee, headed by ONCD, to develop a framework for the alignment of cybersecurity and information security regulations, rules, examinations, and other compliance requirements. Additionally, the bill establishes a pilot program to test the developed framework on substantially similar regulations. It also requires all federal agencies, including independent regulatory agencies, to consult with the committee before issuing or updating regulations.
Below are statements in support of the Senators’ legislation:
“There is strong, longstanding, widely agreed-upon, and bipartisan consensus on the need to harmonize cybersecurity regulations. We applaud Senators Peters and Lankford for their work on the Streamlining Federal Cybersecurity Regulations Act, which will help identify cybersecurity federal regulations that are excessively burdensome, conflicting, or ineffective and empower the US National Cyber Director to take action to eliminate those barriers,” said John Miller, ITI Senior Vice President of Policy, Trust, Data, and Technology.
“The Streamlining Federal Cybersecurity Regulations Act would mark an important first step toward aligning unnecessarily duplicative or divergent cyber regulatory requirements. The Office of the National Cyber Director (ONCD) is ideally suited to lead a Harmonization Committee and the development of a framework for achieving harmonization between regulatory agencies given its government-wide remit and previous work on this topic. We appreciate the legislation’s requirement that all agencies—including independent regulators—consult with the Harmonization Committee before prescribing any cybersecurity regulation, which will help minimize duplicative or unhelpful requirements in the future,” said Greg Baer, President and CEO of the Bank Policy Institute.
“The US Chamber of Commerce supports S.4630, the ‘Streamlining Federal Cybersecurity Regulations Act,’ which would establish an interagency committee to address the overlapping, duplicative, and often contradictory federal cybersecurity regulatory structure. The Chamber believes regulatory harmonization and reciprocity are critical to allowing cybersecurity professionals to focus on protecting digital and critical infrastructure. We look forward to working with Congress—particularly the Homeland Security and Government Affairs Committee—the Office of the National Cyber Director, and federal regulatory agencies to promote an efficient and productive regulatory environment,” said Christopher Roberti, Senior Vice President of Cyber, Space, and National Security Policy at US Chamber of Commerce.
###