<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Office of the National Cyber Director - Harmonization Request for Information in Industry News</title>
    <link>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63743#M6417</link>
    <description>Dear Federal Govt…&lt;BR /&gt;&lt;BR /&gt;Please pass sensible well thought out laws that preempt patchwork state laws, regulations etc on cybersecurity, data protection, AI Governance etc. It’s too important to leave to chance where there isn’t legislation covering it and the US should harmonise its own laws and regulations in the way that the EU has for things like GDPR and DORA.&lt;BR /&gt;&lt;BR /&gt;It’ll be tough to get there, there will be much gnashing of teeth and wailing but it will be worth it. You might as well work things out with Canada and Mexico at the same time so NAFTA gets the benefit.&lt;BR /&gt;&lt;BR /&gt;Thanks,&lt;BR /&gt;&lt;BR /&gt;A Friend…</description>
    <pubDate>Thu, 19 Oct 2023 15:59:20 GMT</pubDate>
    <dc:creator>Early_Adopter</dc:creator>
    <dc:date>2023-10-19T15:59:20Z</dc:date>
    <item>
      <title>Office of the National Cyber Director - Harmonization Request for Information</title>
      <link>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63740#M6416</link>
      <description>&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;ONCD Harmonization RFI&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;Harmonization has been an increasingly important topic of conversation when it comes to cybersecurity legislation and regulations. &lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;As regulation increases so does the opportunity for regulatory overlap and requirements that are inconsistent. &lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;This has affected some industries more than others. Have you been affected? Would you be willing to share for our ISC2 RFI? Please use these questions as prompts and reply to this thread. If you prefer, you can directly email your responses (or discuss challenges overlapping and conflicting regulations further) at&amp;nbsp;&lt;A href="mailto:crains@isc2.org" target="_blank"&gt;crains@isc2.org&lt;/A&gt;.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN data-contrast="none"&gt;Have you noticed an increase in inconsistent and conflicting cybersecurity regulations and standards in your industry as a cybersecurity professional?&amp;nbsp; &lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="none"&gt;How do regulated entities comply with these conflicting, mutually exclusive, or inconsistent requirements? &lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="none"&gt;What are some of the potential consequences cybersecurity teams face as a result of having to comply with a multitude of regulations that may be inconsistent or overlapping?&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;I&gt;&lt;SPAN data-contrast="none"&gt;Your responses could be included in our ONCD RFI.&amp;nbsp;&lt;/SPAN&gt;&lt;/I&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;I&gt;&lt;SPAN data-contrast="none"&gt;Please respond by Oct. 27 in order to have your responses included.&amp;nbsp;&lt;/SPAN&gt;&lt;/I&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;I&gt;&lt;SPAN data-contrast="none"&gt;More information:&amp;nbsp;&lt;/SPAN&gt;&lt;/I&gt;&lt;A href="https://www.whitehouse.gov/wp-content/uploads/2023/07/ONCD-Reg-Harm-RFI-Final-July-19.2023.pdf" target="_blank"&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="none"&gt;https://www.whitehouse.gov/wp-content/uploads/2023/07/ONCD-Reg-Harm-RFI-Final-July-19.2023.pdf&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 19 Oct 2023 15:02:04 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63740#M6416</guid>
      <dc:creator>AndreaMoore</dc:creator>
      <dc:date>2023-10-19T15:02:04Z</dc:date>
    </item>
    <item>
      <title>Re: Office of the National Cyber Director - Harmonization Request for Information</title>
      <link>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63743#M6417</link>
      <description>Dear Federal Govt…&lt;BR /&gt;&lt;BR /&gt;Please pass sensible well thought out laws that preempt patchwork state laws, regulations etc on cybersecurity, data protection, AI Governance etc. It’s too important to leave to chance where there isn’t legislation covering it and the US should harmonise its own laws and regulations in the way that the EU has for things like GDPR and DORA.&lt;BR /&gt;&lt;BR /&gt;It’ll be tough to get there, there will be much gnashing of teeth and wailing but it will be worth it. You might as well work things out with Canada and Mexico at the same time so NAFTA gets the benefit.&lt;BR /&gt;&lt;BR /&gt;Thanks,&lt;BR /&gt;&lt;BR /&gt;A Friend…</description>
      <pubDate>Thu, 19 Oct 2023 15:59:20 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63743#M6417</guid>
      <dc:creator>Early_Adopter</dc:creator>
      <dc:date>2023-10-19T15:59:20Z</dc:date>
    </item>
    <item>
      <title>Re: Office of the National Cyber Director - Harmonization Request for Information</title>
      <link>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63760#M6418</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1086253963"&gt;@AndreaMoore&lt;/a&gt;&amp;nbsp;wrote:&lt;UL&gt;&lt;LI&gt;&lt;SPAN&gt;Have you noticed an increase in inconsistent and conflicting cybersecurity regulations and standards in your industry as a cybersecurity professional?&amp;nbsp; &lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;What Congress and the courts need to do is sort out authority. Every state has its own set of regulations under its authority to regulate business and corporations. However, the federal government always gets pulled in under the umbrella of interstate commerce. If it is a public corporation, you now have the SEC to think about. And when I say "state," it's really all 50 that you have to look at since you can have employees or customers in each of them.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;To me the problem isn't that we haven't kept up with this "new" technology. Lawmakers have allowed the bells and whistles to distract them from recognizing and applying core legal concepts. If Congress is aghast at Social Media, all it needs to do is eliminate the clause in the Communications Decency Act that exempts online providers from libel and other liability associated with what gets posted on their platforms. These platforms reach more people than any daily newspaper. Yet that newspaper is considered a publisher (subject to libel, invasion of privacy, etc.) and that platform, whose billions in advertising revenue is putting that newspaper out of business, acts with impunity.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You could take the same approach for personal information - essentially it is an issue of copyright. Again companies make billions trading, selling info that is not directly related to the conduct of their primary business. They're making money off my information. 
If they're going to be allowed to do that, I should be compensated.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;In the end, the real problem, especially at the state level, is that government exempts itself from regulation. Given that government is one of the biggest custodians of data, such exemption misses the mark.&lt;/P&gt;</description>
      <pubDate>Fri, 20 Oct 2023 12:20:56 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Industry-News/Office-of-the-National-Cyber-Director-Harmonization-Request-for/m-p/63760#M6418</guid>
      <dc:creator>JoePete</dc:creator>
      <dc:date>2023-10-20T12:20:56Z</dc:date>
    </item>
  </channel>
</rss>

