Adrian Johnson
TLDR:
- White House cyber czar Harry Coker is advocating for a bill in Congress to harmonize cybersecurity regulations and reduce compliance burden on organizations.
- The bill would create an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD) to align regulations and enhance security.
At the Black Hat conference in Las Vegas, White House cyber czar Harry Coker emphasized the need for regulatory harmonization to alleviate the compliance burden on organizations. A bill currently advancing through Congress aims to establish an interagency committee at the ONCD to develop a framework for aligning cybersecurity regulations and requirements. The bill also mandates federal agencies to consult with the committee before issuing or updating regulations, fostering collaboration and coherence across the cybersecurity ecosystem. Coker highlighted reciprocity as a key goal, emphasizing that compliance does not equate to cybersecurity. The bill is supported by both Democrats and Republicans in recognition of the challenges posed by conflicting cybersecurity compliance requirements.
Coker’s push for regulatory harmonization is driven by the desire to decrease the cost of doing business and enable cybersecurity leaders to focus on defense rather than compliance. By bringing together regulators to apply logic and collaboration to this complex problem, the bill seeks to enhance security while streamlining regulatory processes. Stringent cybersecurity rules have already been implemented in sectors like healthcare and finance, with plans for additional incident reporting rules in critical infrastructure next year.
Senators Gary Peters and James Lankford, who worked with Coker on the bill, emphasized the need to address duplicative and contradictory cyber requirements that hinder security efforts. The aim is to refocus federal requirements on improving security and preempting cyber threats rather than imposing convoluted compliance challenges. The bill’s potential impact on federal cybersecurity regulations highlights the shared commitment to enhancing national security and protecting critical infrastructure from cyber threats.
