WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and James Lankford (R-OK) introduced bipartisan legislation to establish a comprehensive framework for harmonizing cybersecurity regulations across the federal government. The bill would mitigate challenges associated with conflicting, contradictory cybersecurity compliance requirements by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD). Earlier this month, Chairman Peters held a hearing to examine the current federal efforts to align overlapping federal cybersecurity standards. Witnesses emphasized the significant impact that duplicative or contradictory requirements have on businesses and the need for Congress to take swift action to standardize regulations across critical infrastructure sectors.
“In order to properly combat the threat of cyberattacks, federal agencies must have comprehensive, coordinated cyber regulations in place,” said Senator Peters. “My bill will harmonize federal cybersecurity regulations to ensure our government and regulators are working together to address cybersecurity threats in the most effective way.”
“Bureaucratic red tape shouldn’t get in the way of preventing a cyber attack, but complicated regulations are making it more difficult to address the major cyber threats facing our national security and critical infrastructure. Harmonizing these efforts will make sure that federal requirements are focused on actually improving security instead of imposing a convoluted set of compliance challenges,” said Senator Lankford.
As cyberattacks grow in intensity and frequency, the cybersecurity compliance environment has become increasingly complex as agencies and regulatory bodies work to prevent online attacks. In many instances, rather than promoting increased cybersecurity, the complex, contradictory, and convoluted compliance landscape has forced companies to spend time, money, and expertise on regulatory examinations. By some estimates, cybersecurity teams are spending 40 to 70% of their time on compliance rather than improvements to their cybersecurity.
The bipartisan Streamlining Federal Cybersecurity Regulations Act would address the challenges associated with multiple regulatory regimes by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD). The bill requires the committee, headed by ONCD, develop a framework for the alignment of cybersecurity and information security regulations, rules, examinations, and other compliance requirements. Additionally, the bill establishes a pilot program to test the developed framework on substantially similar regulations. It also requires that all agencies, including independent regulatory agencies, consult with the committee before issuing or updating regulations.
###