The White House aims to align cybersecurity rules across federal, state, and international jurisdictions.
The Biden administration has announced a comprehensive plan to harmonize federal, state, and international regulations aimed at boosting cyber resilience among the nation's private sector and critical infrastructure providers. The plan, developed over several months with input from private sector partners, seeks to reduce duplicative reporting requirements for those organizations.
The push for harmonization is designed to reduce the regulatory burden on companies and critical infrastructure providers required to disclose cybersecurity incidents and mitigation strategies to various federal, state, and foreign agencies. According to Amy Chang, resident senior fellow at R Street, the lack of reciprocity between regulatory agencies is a significant issue for companies.
A key component of the plan is interagency coordination. The administration emphasizes formal cooperation among federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST), to unify cybersecurity guidance and reporting expectations across government entities.
Standardization and harmonization are also crucial elements. The administration intends to create consistent requirements by developing updated frameworks and technical standards, such as integrating AI considerations into incident response and cybersecurity protocols.
The plan also involves establishing new information sharing structures. The creation of centralized entities like the AI Information Sharing and Analysis Center (AI-ISAC) under the Department of Homeland Security provides a single conduit for sharing cyber threat information, reducing the need for multiple, redundant reports from private sector organizations and infrastructure providers.
Policy and regulatory streamlining directives are another part of the plan. Executive orders accompanying the AI Action Plan promote the reduction of duplicative regulations and encourage agencies to coordinate permitting and reporting requirements. These efforts logically extend to reducing duplicative cybersecurity reporting.
The administration received 86 responses to its request for information last August from 11 of the federal government's 16 designated critical infrastructure sectors. These responses suggest steps to streamline the administrative burden and costs associated with the various rules and regulations.
Many companies are spending countless hours and resources responding to duplicative information requests from different agencies instead of having those agencies share the provided information. The plan is designed to address this issue and make compliance less cumbersome for critical infrastructure operators and private companies.
In addition to seeking help from Congress to find legislative authorities to reduce administrative redundancies, the administration is also seeking additional help to harmonize federal, state, and international regulations. This harmonization is expected to improve the efficiency and effectiveness of cyber resilience measures while lessening the administrative burden on critical infrastructure operators and private companies.
The administration's plan to harmonize regulations aims to decrease the cybersecurity compliance burden on companies and critical infrastructure providers, which are currently required to disclose cybersecurity incidents and strategies to multiple federal, state, and foreign agencies. This harmonization is intended to address the issue of duplicative reporting requirements and improve the efficiency of cyber resilience measures.
In line with the plan, the administration intends to create consistent requirements by developing updated frameworks and technical standards, such as integrating AI considerations into incident response and cybersecurity protocols, in order to unify cybersecurity guidance and reporting expectations across government entities.