Bipartisan Senate bill takes aim at ‘overly burdensome’ cybersecurity regs
New legislation from a bipartisan pair of senators would create an interagency committee tasked with streamlining the country’s patchwork system of cybersecurity regulations if signed into law.
The Streamlining Federal Cybersecurity Regulations Act from Sens. Gary Peters, D-Mich., and James Lankford, R-Okla., calls on the White House’s national cyber director to create a committee that would harmonize the myriad cyber requirements imposed on companies by federal regulatory agencies, according to bill text shared with CyberScoop.
The introduction of the bill comes a month after a Senate hearing in which Nicholas Leiserson, the assistant national cyber director for cyber policy and programs, warned lawmakers of increasing “fragmentation” of cybersecurity regulations. “It is a problem that requires leadership from ONCD and Congress informed by the private sector,” he said.
Peters and Lankford both acknowledged the problem during the hearing, with the Michigan Democrat teasing the bill’s release — a draft copy of which was previously obtained by The Record — and the Oklahoma Republican railing against rulemaking from independent agencies.
“There are independent agencies that feel like they’re independent from everybody. They’re not independent from everybody,” Lankford said at the time. “There’s still some boundaries that need to be there when they’re creating new regs, that they’re not a completely independent fourth branch of government.”
The lawmakers’ bill addresses many of the concerns raised during June’s hearing. The committee would be responsible for identifying “overly burdensome, inconsistent, or contradictory” cybersecurity requirements and recommending updates to them, while establishing minimum standards and reciprocity among agencies.
The committee would include the national cyber director, the chief of the Office of Management and Budget’s Office of Information and Regulatory Affairs, the heads of each federal regulatory agency and other government leaders determined by the chair.
Other elements of the bill include a pilot program to implement the new framework after consulting with various sector risk management agencies and an annual report on the committee’s work to the Senate Homeland Security and House Oversight and Accountability committees, among others with relevant jurisdiction.