Cloud Computing, Cybersecurity

Harmonizing Cybersecurity Regulations Is a Win-Win

Businesses around the world must presently comply with numerous cybersecurity regulations, most of which are neither harmonized within a single country nor between like-minded countries.

Harmonization involves aligning regulations and requirements across different agencies (and sometimes across governments) to ensure consistency, drive policy toward common outcomes, and avoid duplicative or conflicting rules and requirements.

The US government has identified harmonization as a major objective; the Office of the National Cyber Director’s Summary of the 2023 Cybersecurity Regulatory Harmonization Request for Information found that regulatory harmonization would help “to achieve better cybersecurity outcomes while lowering costs to businesses and their customers,” which explains why harmonization was one of the priorities in the US National Cybersecurity Strategy. Those documents recognize that harmonizing cybersecurity regulations benefits companies, their customers (including government agencies), and the resilience of the entire digital ecosystem – it’s a win-win-win.

The benefits of harmonizing cybersecurity requirements are numerous and include:

  1. Improving cybersecurity by reducing complexity and cost of compliance (allowing companies to allocate resources toward security activities).
  2. Promoting innovation by increasing how much companies compete on their ability to provide more effective and secure products and reducing how much they compete on their ability to efficiently comply with numerous cybersecurity regulations.
  3. Growing the economy and delivering for citizens by removing barriers to entry for innovative companies and guaranteeing customers and government agencies access to best-of-breed solutions.
  4. Delivering secure government services by improving procurement processes and focusing resources on agencies’ core missions.

Despite these and other benefits, cybersecurity regulation harmonization faces challenges. The first (and obvious) challenge is that there are numerous regulations that need to be harmonized. The congressionally mandated Department of Homeland Security (DHS) Report to Congress on Harmonization of Cyber Incident Reporting to the Federal Government (CIRC Report) identified 52 in-effect or proposed cyber incident reporting requirements alone.

The second challenge is that government agencies are simply not motivated or incentivized to harmonize their cybersecurity regulations. Agencies tend to focus on their specific needs rather than aligning their cybersecurity interests. Consolidating needs across government can ensure that cybersecurity systems and the entire IT ecosystem are updated more quickly and to contemporary practices.

To overcome these challenges, Congress should consider the following actions:

  1. Establish an expert commission to drive harmonization of cybersecurity regulations. This commission would be composed of government regulators and industry experts with a mandate to drive harmonization of all cybersecurity regulations, including cybersecurity incident reporting. We recognize that the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) tasked the Computer Incident Response Center (CIRC) with writing a report on cyber incident reporting, but the first step toward harmonizing cybersecurity regulations is tasking a single entity with harmonizing them.
  2. Direct this commission to deliver a comprehensive report to Congress, building on the CIRC report, that identifies all existing and proposed cybersecurity regulations along with specific recommendations on how regulators should harmonize them.
  3. Begin harmonizing cybersecurity regulations across relevant agencies pursuant to the Commission’s recommendations or require agencies to provide reports to Congress on why they are declining to do so.
  4. Leverage aggressive and effective oversight: Congress should leverage the Commission’s recommendations and the regulators’ responses to drive regulators to harmonize their cybersecurity regulations through aggressive and effective oversight.

Combining these actions and engagement with like-minded allies to harmonize cybersecurity laws and policies across borders will make these efforts even more impactful. For this reason, Congress and the Administration should ensure that our diplomatic engagements prioritize harmonization of cybersecurity regulations between governments.

Harmonizing cybersecurity requirements is an ideal issue for the US Government, like-minded allies, and industry to work together to achieve because it is a win-win-win. It’s time to start singing from the same song sheet.

Artificial Intelligence, Cybersecurity, Privacy

BSA AI Solutions: Protecting Privacy and Advancing Cybersecurity

BSA | The Software Alliance’s “AI Policy Solutions” outlines how policymakers worldwide can advance privacy and cybersecurity in tandem.

Artificial Intelligence, Cybersecurity

Palo Alto Networks on Leveraging AI Discovery and Analysis for Cyber Defense

At Palo Alto Networks, we have doubled down on this posture because we firmly believe that AI-powered cybersecurity is vital to protecting privacy, enhancing national security, and safeguarding our digital way of life.

Artificial Intelligence, Cybersecurity, Privacy

Q&A: Cisco on Enhancing Privacy and Cybersecurity With AI Tools

Cisco Executive Vice President and General Manager, Security and Collaboration Business Units Jeetu Patel answers questions from BSA’s SVP of Global Policy Aaron Cooper about how AI tools and systems can help companies like Cisco develop products for its customers that put privacy protection first and enhance cybersecurity abilities.

Artificial Intelligence, Cybersecurity

Rubrik on Using AI to Analyze Code and Detect Vulnerabilities

In the future, I believe AI will better analyze code to help detect exploitable vulnerabilities that traverse an ever-growing code base for most applications.