WASHINGTON, D.C. – Bipartisan legislation led by U.S. Senators Gary Peters (D-MI) and James Lankford (R-OK) to establish a comprehensive framework for streamlining cybersecurity regulations across the federal government has advanced in the Senate. The bill would mitigate challenges associated with conflicting, contradictory cybersecurity compliance requirements by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD). Last month, Chairman Peters held a hearing to examine the current federal efforts to align overlapping federal cybersecurity standards. Witnesses emphasized the significant impact that duplicative or contradictory requirements have on businesses and the need for Congress to take swift action to standardize regulations across critical infrastructure sectors and bring all federal agencies, including independent regulatory agencies, together. The bill was passed by the Senate Homeland Security and Governmental Affairs Committee where Peters serves as Chair, and now moves to the full Senate for consideration.
“Cybersecurity is one of the greatest challenges we face, but overlapping and conflicting federal cybersecurity regulations can hinder our ability to protect against and respond to rapidly-evolving cyberattacks,” said Senator Peters. “My bipartisan bill will streamline the federal cybersecurity environment and address challenges that our businesses and critical infrastructure operators may face while working with federal agencies to ensure we can effectively respond to cybersecurity threats.”
“Bureaucratic red tape shouldn’t get in the way of preventing a cyber attack, but complicated regulations are making it more difficult to address the major cyber threats facing our national security and critical infrastructure. Harmonizing these efforts will make sure that federal requirements are focused on actually improving security instead of imposing a convoluted set of compliance challenges,” said Lankford.
As cyberattacks grow in intensity and frequency, the cybersecurity compliance environment has become increasingly complex as agencies and regulatory bodies work to prevent online attacks. In many instances, rather than promoting increased cybersecurity, the complex, contradictory, and convoluted compliance landscape has forced companies to spend time, money, and expertise on regulatory examinations. By some estimates, cybersecurity teams are spending 40 to 70% of their time on compliance rather than improvements to their cybersecurity.
The bipartisan Streamlining Federal Cybersecurity Regulations Act would address the challenges associated with multiple regulatory regimes by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD). The bill requires the committee, headed by ONCD, to develop a framework for the alignment of cybersecurity and information security regulations, rules, examinations, and other compliance requirements. Additionally, the bill establishes a pilot program to test the developed framework on substantially similar regulations. It also requires all federal agencies, including independent regulatory agencies, to consult with the committee before issuing or updating regulations.
Below are statements in support of the senators’ legislation:
“There is strong, longstanding, widely agreed-upon, and bipartisan consensus on the need to harmonize cybersecurity regulations. We applaud Senators Peters and Lankford for their work on the Streamlining Federal Cybersecurity Regulations Act, which will help identify cybersecurity federal regulations that are excessively burdensome, conflicting, or ineffective and empower the U.S. National Cyber Director to take action to eliminate those barriers,” said John Miller, ITI Senior Vice President of Policy, Trust, Data, and Technology.
“BSA commends Chairman Peters for his work to take up S. 4630, the Streamlining Federal Cybersecurity Regulations Act. The Streamlining Federal Cybersecurity Regulations Act would empower the Office of the National Cyber Director to evaluate and identify how cybersecurity regulations can be harmonized across government. Harmonizing cybersecurity regulations is a priority for BSA, an issue that enjoys bipartisan support, and an opportunity highlighted by experts to improve the nation’s overall cybersecurity posture. BSA welcomes this effort to better facilitate ONCD’s work and support more meaningful oversight by Congress,” said Henry Young, The Software Alliance.
“The Streamlining Federal Cybersecurity Regulations Act would mark an important first step toward aligning unnecessarily duplicative or divergent cyber regulatory requirements. The Office of the National Cyber Director (ONCD) is ideally suited to lead a Harmonization Committee and the development of a framework for achieving harmonization between regulatory agencies given its government-wide remit and previous work on this topic. We appreciate the legislation’s requirement that all agencies—including independent regulators—consult with the Harmonization Committee before prescribing any cybersecurity regulation, which will help minimize duplicative or unhelpful requirements in the future,” said Greg Baer, President and CEO of the Bank Policy Institute.
“The U.S. Chamber of Commerce supports S.4630, the “Streamlining Federal Cybersecurity Regulations Act,” which would establish an interagency committee to address the overlapping, duplicative, and often contradictory federal cybersecurity regulatory structure.
The Chamber believes regulatory harmonization and reciprocity are critical to allowing cybersecurity professionals to focus on protecting digital and critical infrastructure. We look forward to working with Congress – particularly the Homeland Security and Government Affairs Committee – the Office of the National Cyber Director, and federal regulatory agencies to promote an efficient and productive regulatory environment,” said Christopher Roberti, Senior Vice President of Cyber, Space, and National Security Policy at U.S. Chamber of Commerce.