TLDR:
The Government Accountability Office found that efforts to harmonize federal cybersecurity regulations are ongoing but have a long way to go, with the Treasury still needing to complete recommendations. Disharmony in cybersecurity regulations, particularly in data breach disclosure notification rules, remains a challenge as state laws vary and no overarching federal law preempts them. Recommendations from a 2020 report to track sector-wide cyber risk mitigation efforts and establish metrics for progress are still open. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 aims to deconflict federal incident reporting requirements but is not yet finalized. Industry experts and the Bank Policy Institute criticize existing rules for creating confusion and contradicting each other, emphasizing the need for stakeholders to focus on resolving conflicts and implementing specific plans to achieve harmonization.
Article Summary:
A report by the Government Accountability Office highlights the ongoing efforts to harmonize federal cybersecurity regulations, with a particular focus on challenges faced by the Treasury in completing recommendations. The report emphasizes the disharmony in cybersecurity regulations, especially in data breach disclosure notification rules, due to varying state laws and the absence of an overarching federal law. Recommendations from a 2020 report, including tracking sector-wide cyber risk mitigation efforts and establishing metrics for progress, are still open and require attention. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 aims to deconflict incident reporting requirements but is still in the process of being finalized. Industry experts, such as the Bank Policy Institute, have criticized existing rules for creating confusion and contradicting each other, underscoring the importance of stakeholders focusing on resolving conflicts and implementing specific plans to achieve harmonization.