White House seeks public insight to harmonize ‘inconsistent’ cyber regulations

Following the announcement of the White House’s implementation plan for its National Cybersecurity Strategy, the administration issued an accompanying request for information Wednesday that seeks input on how to efficiently harmonize the cybersecurity protocols governing the nation’s networks.

The RFI, released by the Office of the National Cyber Director, aims to promote blanket cybersecurity regulations absent mandatory federal law.

“When cybersecurity regulations of the same underlying technology are inconsistent or contradictory — or where they are duplicative but enforced differently by different regulators — consumers pay more, and our national security suffers,” the announcement from the ONCD read.

It notes that while the voluntary approaches common in existing guidelines and policy are helpful, the lack of mandates results in compromised security.

In part, ONCD aims to use the RFI to examine a possible framework for regulatory reciprocity, or “the recognition or acceptance by one regulatory agency of another agency’s assessment, determination, finding or conclusion with respect to the extent of a regulated entity’s compliance with certain cybersecurity requirements.” 

Comments will be accepted until Sept. 15. The RFI notes the White House is hoping for participation from advocacy groups, academia, industry association and other entities with cybersecurity expertise.

Harmonizing regulations specifically for critical infrastructure and associated sub-sectors is of particular importance to the ONCD. It also asks for feedback on emerging tech systems that stand to govern or impact critical infrastructure operations, namely cloud software services.