Cyber Director Preparing Pilot for Better Harmonizing of Regulations

Director issued a request for information about harmonizing regulation across federal agencies (see 2311030046). ONCD on Tuesday issued a summary of public feedback, which included comments from USTelecom, NCTA, CTIA, BSA | The Software Alliance and the U.S. Chamber of Commerce, as well as consumer groups like Consumer Reports and the Electronic Privacy Information Center. Many commenters said cyber compliance costs are forcing organizations to draw resources away from cybersecurity programs, Coker said Tuesday. A related issue is that international and state regulatory frameworks create inconsistencies and duplication, he said. Coker noted the Chamber of Commerce, the National Electrical Manufacturers Association and CTIA “suggested that Congress consider legislation to set national, high-level standards for cybersecurity.” ONCD expects it will complete a pilot program in 2025 that explores cyber reciprocity. The term refers to the federal government relying on internal and external organizations’ security assessments, which can reduce time, costs and resources when authorizing federal information technology systems. The pilot program will focus on a reciprocity framework “to be used in a critical infrastructure subsector,” said Coker. Commenters believe there’s a lack of regulatory harmonization and reciprocity, which impacts the competitiveness of businesses in “all sectors,” Coker noted. The pilot program will give ONCD “valuable insights as to how best to design a cybersecurity regulatory approach from the ground up,” he said.