Sen. Gary Peters, D-Mich., officially introduced bipartisan legislation Monday that would establish an interagency committee to harmonize cybersecurity regulations.
Sen. Peters first teased the ‘‘Streamlining Federal Cybersecurity Regulations Act” last month during a Senate Homeland Security and Governmental Affairs Committee (HSGAC) hearing.
The bipartisan bill – introduced on July 8 with Sen. James Lankford, R-Okla. – would require the National Cyber Director (NCD) to head the harmonization committee, which would be tasked by Congress with harmonizing Federal cybersecurity regulations.
The committee – composed of the head of each regulatory agency – must publish a framework for achieving cyber harmonization within a year after the bill is passed.
According to the text of the Streamlining Federal Cybersecurity Regulations Act, it will require at least three regulatory agencies to carry out a pilot program to implement the harmonization framework.
The bill was referred to the Senate HSGAC – which Sen. Peters chairs – for consideration.
“Passing legislation is the only solution,” Sen. Peters said during the hearing on June 5. “We have to bring independent agencies together and start harmonizing this effort. Only Congress has the power to do so. And if we fail at this mission, we won’t be able to build the most effective response to cyber threats.”
Assistant NCD for Cyber Policy and Programs Nick Leiserson testified during the Senate hearing last month, praising Sens. Peters and Lankford for their new bill.
“The administration supports Chairman Peters’ legislation – consistent with the views previously provided to the committee – that would allow ONCD to better carry out our mission by bringing independent regulatory commissions to the table in a policymaking process, which would act as a catalyst to develop a cross-sector framework more quickly for harmonization and reciprocity,” Leiserson said.
The Senate panel’s hearing followed the White House’s announcement that it is building a pilot reciprocity framework to be used in a critical infrastructure subsector which will give it “valuable insights” into how to best design a harmonized cybersecurity regulatory approach.
However, Leiserson noted that the Streamlining Federal Cybersecurity Regulations Act is still needed because ONCD’s “authorities to test harmonization and reciprocity more broadly are limited.”
