Feds Call for Harmonization of Cybersecurity Regulations
Cyber leaders say an inclusive regulatory framework approach and expansion of the workforce would help better prevent cyberthreats.
Agencies and industry need effective, adaptable and coordinated cybersecurity regulations that are harmonized with one another to address the growing threat of cyberattacks, cyber leaders said at a June 5 Senate Homeland Security and Governmental Affairs Committee hearing.
The lack of policy harmonization was a recurring theme in public comments received in response to a request for information the Office of the National Cyber Director (ONCD) released in July 2023. It poses a challenge to both cybersecurity outcomes and business competitiveness, said Assistant National Cyber Director for Cyber Policy and Programs Nicholas Leiserson.
“In some cases, respondents noted that CISOs were spending 30-50% of their time not on security, but on compliance activities, which is why improving federal coherence in partnership with our interagency and private sector stakeholders is at the core of our mission,” Leiserson said. “ONCD has also started to build a pilot reciprocity framework. We anticipate that this pilot will give us valuable insights as to how to best achieve reciprocity when designing a cybersecurity regulatory approach from the ground up.”
The new pilot will act as a catalyst for the development of a comprehensive policy framework, streamlining oversight, strengthening cybersecurity readiness and achieving harmonization, Leiserson added.
Government Accountability Office (GAO) Cybersecurity Director David Hinchman also emphasized the need for Congress to address independent regulatory commissions and to integrate them into the policymaking process.
“We need to look at a common framework and set of standards to ensure that individual sectors have the customized cybersecurity standards they need, in addition to the national framework developed,” Hinchman said. “We have to start to come together to understand the landscape better, which will enable positive developments.”
Leiserson pointed to the 470,000 job openings in the tech industry as a cybersecurity threat. Expanding the federal workforce of cybersecurity professionals and implementing the National Cyber Workforce and Education Strategy are key initiatives and a centerpiece of ONCD’s work, he said.
“At ONCD, we’re very focused on broadening pathways to entry and removing barriers,” Leiserson said. “We’re focused on skills-based hiring, which means if you have the appropriate skills to do a cybersecurity job, but you do not have a four-year college degree, that should not be a barrier in terms of joining the federal government.”
Organizations must fill the gaps in the cyber workforce, and regulators must develop baseline cybersecurity requirements to reduce potential cyberattacks that threaten critical infrastructure, Leiserson and Hinchman added.
“We have to start harmonizing this effort — bringing independent agencies together and passing legislation is the only solution,” said Sen. Gary Peters of Michigan. “If we fail this mission, we won’t be able to build the most effective response to cyber threats.”