Members of the U.S. House Homeland Security and Oversight Committees have reached out to Russell Vought, director of the Office of Management and Budget (OMB), urging the agency to streamline duplicative and resource-heavy cybersecurity regulations. They argued that these burdensome requirements divert critical infrastructure owners and operators from actively defending their networks.
The letter was signed by Mark E. Green, a Republican representative from Tennessee and the chairman of the U.S. House Committee on Homeland Security; James Comer, a Kentucky Republican and chairman of the Committee on Oversight and Government Reform; Clay Higgins, a Los Angeles Republican and chairman of the Subcommittee on Federal Law Enforcement; Nancy Mace, a South Carolina Republican and chairwoman of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation; and Andy Biggs, a Republican from Arizona and member of the Committee on Oversight and Government Reform. It asks the OMB to reduce compliance burdens by reviewing existing and future cyber regulations, identifying opportunities for harmonization within and across agencies, and thoroughly examining the existing cyber regulatory landscape for redundancy, in coordination with the Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA).
To support congressional efforts to streamline cyber regulations and carry out oversight responsibilities related to cybersecurity and regulatory matters, including identifying legal barriers requiring legislative action, the members have requested a briefing by Apr. 28 on OMB’s plans to streamline cyber regulations.
As the agency responsible for overseeing federal regulations, the OMB plays a critical role in strengthening the nation’s cybersecurity posture. The members urged the agency to prioritize the review of current and future federal cyber regulations, working in coordination with ONCD and CISA to assess the existing regulatory landscape, eliminate duplication and redundancy, and identify opportunities for reciprocity across agencies.
The members pointed out that the U.S. cyber regulatory regime should facilitate valuable and actionable information sharing that reinforces the security measures companies undertake to defend against, and respond to, cyber incidents. They added that, as nation-state and criminal actors increasingly target U.S. networks and critical infrastructure in cyberspace, compliance burdens can no longer be allowed to hinder the agility of U.S.-based companies to respond to threats promptly.
“Compliance burdens imposed on companies can be reduced by streamlining cybersecurity requirements, which multiple stakeholders have testified as being unnecessarily duplicative. For example, in 2020, four federal agencies established cybersecurity requirements for states aimed at securing data,” the letter stated. “According to the U.S. Government Accountability Office (GAO), the percentage of conflicting parameters for these requirements ranged from 49 to 79 percent. Entities subject to these requirements should not bear the brunt of the federal government’s lack of coordination.”
The letter noted, “In line with President Trump’s 10-to-1 deregulation initiative, OMB must not issue any new cyber regulations without repealing at least ten existing rules and ensuring the net total cost of new and repealed regulations are less than zero.”
“As Congress continues its work to streamline cyber regulations, we urge OMB to take these steps to rein in the cyber regulatory landscape to dramatically improve the security and resiliency of U.S. networks and critical infrastructure,” the members wrote. “Eliminating the duplicative landscape of cyber regulations is the fastest, most cost-effective way to materially improve the nation’s cybersecurity.”
Last month, House Committee on Homeland Security members wrote to Adam Stahl, the Acting Administrator of the Transportation Security Administration (TSA), emphasizing the importance of the agency’s cybersecurity and resilience strategies amid escalating threats. The committee members highlighted the dynamic nature of cyber threats targeting the nation’s transportation infrastructure, necessitating a flexible cybersecurity approach that avoids complicating the already intricate regulatory environment.