CyberScoop reports that House lawmakers have been urged by IT, banking, and oil and natural gas industry representatives to streamline cybersecurity regulations amid the presence of duplicative, inconsistent, and conflicting rules.
Inadequate harmonization is particularly evident in the Cybersecurity and Infrastructure Security Agency's new cyber reporting rules requiring notifications of substantial cyberattacks and ransomware payments within 72 hours and 24 hours, respectively, which lacked properly defined limits, noted the representatives before the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation. "The past three administrations have prioritized the issue. Multiple congresses have agreed it's a priority, and yet I do not recall a single conflicting and consistent or duplicative cyber regulation ever being eliminated or streamlined after all these years," said Information Technology Industry Council Vice President of Policy, Trust, Data, and Technology John Miller, who recommended the creation of a systematized regulatory clearinghouse process under the Office of the National Cyber Director to prevent redundancies.
