Lankford Introduces Bill to Harmonize Federal Cybersecurity Regulations

OKLAHOMA CITY, OK - Senators James Lankford (R-OK) and Gary Peters (D-MI) introduced the Streamlining Federal Cybersecurity Regulations Act to establish a comprehensive framework for harmonizing cybersecurity regulations across the federal government. The bill would mitigate challenges associated with conflicting, contradictory cybersecurity compliance requirements by establishing an interagency Harmonization Committee at the Office of the National Cyber Director (ONCD).

"Bureaucratic red tape shouldn't get in the way of preventing a cyber attack, but complicated regulations are making it more difficult to address the major cyber threats facing our national security and critical infrastructure. Harmonizing these efforts will make sure that federal requirements are focused on actually improving security instead of imposing a convoluted set of compliance challenges," said Lankford.

"In order to properly combat the threat of cyberattacks, federal agencies must have comprehensive, coordinated cyber regulations in place," said Peters. "My bill will harmonize federal cybersecurity regulations to ensure our government and regulators are working together to address cybersecurity threats in the most effective way."

Last month, Lankford participated in a hearing to examine the current federal efforts to align overlapping federal cybersecurity standards. Witnesses emphasized the significant impact that duplicative or contradictory requirements have on businesses and the need for Congress to take swift action to standardize regulations across critical infrastructure sectors.

Lankford has consistently pressed for achievable cybersecurity standards to create clear federal guidelines on compliance in order to protect private information and also to ensure critical operations like health care, schools, and others do not fall victim to cyberattacks, like ransomware and others. He has questioned industry leaders about the ongoing complications for privacy and security of using emerging technology like artificial intelligence (AI) and others to ensure the federal government is pushing methods to protect people and privacy as we pursue new technology that may be vulnerable to data theft or corporate privacy risks.

As cyberattacks grow in intensity and frequency, the cybersecurity compliance environment has become increasingly complex as agencies and regulatory bodies work to prevent online attacks. In many instances, rather than promoting increased cybersecurity, the complex, contradictory, and convoluted compliance landscape has forced companies to spend time, money, and expertise on regulatory examinations. By some estimates, cybersecurity teams are spending 40 to 70 percent of their time on compliance rather than improvements to their cybersecurity.

The bill would address the challenges associated with often overlapping and burdensome requirements by establishing a way to align cybersecurity and information security regulations, rules, examinations, and other agency requirements. Additionally, the bill establishes a pilot program to test the new framework on substantially similar regulations. It also requires that all agencies, including independent regulatory agencies, to consult with the committee before issuing or updating regulations.

###