Cybersecurity

ONCD Urges Congress to Harmonize Cybersecurity Regulations


ONCD Director Harry Coker Calls on Congress to Improve Cybersecurity Reciprocity

ONCD Director Harry Coker calls for cybersecurity regulatory harmonization. (Image: Shutterstock)

The head of the Office of the National Cyber Director called on Congress to better harmonize cross-sector baseline cybersecurity requirements in regulated industries following years of federal and international guidance.

See Also: Building an Effective Economic Security Program: 3 Critical Components to Proactively Secure Your Organization

Director Harry Coker said organizations representing a majority of critical infrastructure sectors told the White House agency that lack of regulatory harmonization poses “a challenge to both cybersecurity outcomes and to business competitiveness.”

The office in August solicited private sector perspectives on the state of cybersecurity regulation. It received responses from 11 of the 16 critical infrastructure sectors, representing over 15,000 businesses, states and other organizations.

A summary of the responses details grievances including a lack of reciprocity between state and federal regulators and international partners. The Financial Services Sector Coordinating Council said many CISOs spend upward of 50% of their time managing regulatory compliance, and the National Defense Industrial Association said that “inconsistencies also pose barriers to entry, especially for small and mid-sized businesses.”


ONCD issued an updated implementation plan in May for the 2023 national cybersecurity strategy, which requires critical infrastructure sectors to achieve certain basic cybersecurity requirements while shifting the burden of security requirements from end users to software developers.


Respondents stressed that current cybersecurity regulatory efforts across the federal government are creating a patchwork of requirements.


Organizations also expressed confusion over which federal agencies were responsible for regulating the defense industrial base, with the National Defense Industrial Association said that “it is not clear to industry which agency in the federal government acts as the clearinghouse for cyber-related regulations and requirements.”


The recommendations urge ONCD and Congress to develop new guidance that identifies the correct federal entity for “controlling and managing the development and issuance of cyber and cyber-related guidance, standards, requirements and regulations across the federal government,” according to the summary.


Coker, a Navy veteran and former executive director of the NSA from 2017 to 2019, was confirmed by the U.S. Senate to serve as ONCD director in December 2023. He was nominated to serve in the critical role after former ONCD Director Chris Inglis stepped down in February 2023.

Coker said the office has already launched new harmonization projects in response to the RFI, including a pilot reciprocity framework to be used in a critical infrastructure subsector. ONCD did not immediately respond to a request for comment containing more information about the pilot or other ongoing initiatives to drive regulatory harmonization.


“We anticipate that this pilot will give us valuable insights as to how best to design a cybersecurity regulatory approach from the ground up,” Coker said. “However, we need Congress’s help to bring all the relevant agencies in the government together to develop a cross-sector framework for harmonization and reciprocity for baseline cybersecurity requirements.”





Source

Related Articles

Back to top button