
Trump Administration's Cybersecurity Policy in Focus: Review of Key Regulations Looms
The second Trump administration's cybersecurity policy is still taking shape, but GOP lawmakers are urging the White House to kick off a review of existing and future cyber regulations. The review would focus on three key rules that have been gaining attention.
Cybersecurity Incidents: A Growing Concern
The Cybersecurity and Infrastructure Security Agency (CISA) has been working on the Cyber Incident Reporting Act for Critical Infrastructure, or CIRCIA. The proposed rule would set incident reporting requirements for entities across all 16 critical infrastructure sectors. However, lawmakers are concerned that the current draft undermines Congressional intent by imposing another layer of duplication.
Healthcare Security Requirements: A Critical Update
The Department of Health and Human Services (HHS) has released long-awaited cybersecurity updates to the Health Insurance Portability and Accountability Act, or HIPAA. The rule sets baseline cybersecurity standards for protecting sensitive healthcare data, which has been a major target for ransomware attackers.
SEC's Cyber Risk Management Requirements: A New Challenge
The Securities and Exchange Commission (SEC) has adopted rules requiring public companies to notify investors of major cyber incidents and detail their cyber risk management plans in annual reports. However, GOP lawmakers have criticized the rule for being ambiguous and setting constrictive reporting timelines.
Lawmakers Call for Review
In a letter to Office of Management and Budget Director Russell Vought, Republican leaders on the House Homeland Security Committee and the House Oversight and Government Reform Committee urged him to prioritize the review of existing and future federal cyber regulations. They want OMB to examine the existing cyber regulatory landscape for duplication and redundancy and identify opportunities for reciprocity within and between agencies.
A Review is Needed
The lawmakers argue that eliminating duplicative cyber regulations is the fastest and most cost-effective way to improve the nation's cybersecurity. They want a briefing on OMB's efforts to streamline cyber regulations by the end of the month.
SEC Chairman Takes Office
The Senate has confirmed Paul Atkins, President Donald Trump's pick to serve as chairman of the SEC. However, his position on the SEC's cyber rule remains unclear. John Reed Stark, former chief of the SEC's Office of Internet Enforcement, expects Atkins to slow down the enforcement program relating to cybersecurity disclosure.
Conclusion
The review of federal cyber regulations is a critical step in ensuring that the nation's cybersecurity is improved and that duplication and redundancy are eliminated. The Trump administration must take action to address these concerns and ensure that the country is better prepared to face growing cybersecurity threats.