Matthew J. Eggers
Vice President, Cybersecurity Policy Cyber, Intelligence, and Security Division U.S. Chamber of Commerce
Published
June 07, 2024
The Assistant National Cyber Director for Cyber Policy and Programs, Nick Leiserson, did the ONCD, or the Office of the National Cyber Director, proud on Wednesday with his testimony before the Senate Homeland Security and Governmental Affairs Committee hearing on “Streamlining the Federal Cybersecurity Regulatory Process: The Path to Harmonization.”
As Leiserson described in his testimony, “For regulated entities, harmonized and reciprocal cybersecurity oversight approaches would decrease the administrative burden tied to varying or redundant regulatory requirements for similar functions. Through eliminating differing requirements and duplicative examinations, regulated entities could instead devote those additional resources and effort to improving their cybersecurity posture.”
The ONCD deserves praise for leading a process oriented toward “better, safer cyber outcomes” for the U.S. Leiserson pointed out that industry overwhelmingly agrees that the lack of cybersecurity regulatory harmonization and reciprocity poses a significant challenge to both cybersecurity outcomes and business competitiveness.
Also testifying was the Government Accountability Office’s David Hinchman, director of Information Technology and Cybersecurity. His statement notes it is crucial that the stakeholders involved in the harmonization process “remain focused on resolving the conflicts, inconsistencies, and redundancies currently found in our nation’s cybersecurity regulations.
The hearing was both thoughtful and much needed. The HSGAC, chaired by Sen. Gary Peters (D-MI), deserves credit for developing legislation that would, among other things, help bring independent regulatory agencies—which are often charting disparate courses—to the table to advance cybersecurity harmonization.
Cyber watchers shouldn’t overlook the value of this comparatively brief hearing. Apparently, HSGAC’s prior hearing on cybersecurity regulation harmonization was held seven years ago.
There’s a consensus that building healthy cybersecurity cultures across the public and private sectors must account for the need to harmonize government requirements related to enterprise risk management and reporting not only at the federal level but also between federal and state regulators and internationally.
About the authors
Matthew J. Eggers
Matthew J. Eggers is vice president of cybersecurity policy in the Cyber, Intelligence, and Security division at the U.S. Chamber of Commerce.
