
NSTAC Report Offers Path to Improved Cybersecurity Through Harmonization

The federal government could take an important step toward bolstering US cybersecurity if it heeds the new, draft recommendations from a presidential advisory committee published late this week.

A working draft published by the President’s National Security Telecommunications Advisory Committee (NSTAC) makes several policy recommendations to help the government position itself and US companies to better respond to cyber threats. Key among those recommendations is that CISA – the Cybersecurity and Infrastructure Security Agency – establish an office whose chief concern is harmonizing cybersecurity regulations.

Why does this matter?

Clear and consistent cybersecurity regulations help organizations better identify, respond to, and mitigate the impact of cyber incidents when action is time-sensitive, rather than having to worry about which compliance obligations they must satisfy. As BSA’s Global Cyber Agenda makes clear, consistently aligning cybersecurity laws and policies with internationally recognized standards helps to build trust in software and sets the context for improving actual cybersecurity outcomes.

Harmonized cybersecurity requirements also help to ensure that vendors are selected based on the capabilities of the services and software they provide, and help to guard against non-tariff trade barriers masquerading as cybersecurity requirements.

What is NSTAC proposing?

Among other key findings in the working draft, NSTAC calls for establishing an Office of Cybersecurity Regulatory Harmonization (OCRH) within CISA, and calls upon President Biden to direct various agency rulemakings to require a harmonization effort across government.

“Establishing OCRH within CISA and providing it with dedicated staffing and resources would create an institutionalized source of in-depth cybersecurity regulatory expertise across sectors that does not currently exist within the federal government,” the draft report says.

The NSTAC recommendations further call for establishing policies and processes to harmonize regulations in the future.

BSA’s view: A good policy step forward

Whether through the establishment of a formal harmonization office or some other means, the NSTAC report offers worthwhile recommendations that would help to bolster US cybersecurity. The president’s own advisory committee has now recognized that harmonization is a step toward improving our national cybersecurity posture, and BSA looks forward to continued engagement with the administration to put these recommendations or their intentions into action.

Author:

Henry Young is Senior Director, Policy for BSA | The Software Alliance. Prior to joining BSA, Young was Senior Counsel and Senior Policy Advisor first to Secretary of Commerce Ross and then Secretary of Commerce Raimondo. In that role he was trusted to develop and oversee high-level policy and strategy for the U.S. Department of Commerce and its bureaus and collaborate with senior White House and interagency officials, to design, advocate, and implement critical policies and strategies that shape national and foreign policy related to technology including cybersecurity, 5G, and standards.
