Several reports this past weekend highlighted the Trump Administration’s plans to use AI to substantially reduce as many as 100,000 federal regulations. While the target date for that broader project points to 2026, and could face legal challenges, the OMB can already take substantial steps to use advanced technology to vastly improve cybersecurity regulations which will both save money while simultaneously enhancing our nation’s security posture.
In April the Chairs of the House Oversight and Government Reform Committee (which has jurisdiction over OMB) and the House Homeland Security Committee wrote toe OMB Director Vought detailing how OMB already had authority to eliminate the massive redundancies in federal cybersecurity regulations.
The Congressional letter directed OMB to “act now” to eliminate the redundancies which, according to a GAO report compromise, between 49-79% of existing cybersecurity resources. The congressional letter noted concluded that “eliminating the duplicative landscape of cyber regulations is the fastest, most cost-effective way to materially improve the nation’s cybersecurity.”
That same week a group of coalition of six major tech groups – the Internet Security Alliance (ISA), The Information Technology Industry Council (ITI), the Business Software Alliance (BSA) the Consumer Technology Association (CTA), ACT – The App Association and the Global Resilience Federation Business Resilience Council also wrote to the OMB echoing the congressional call to eliminate the redundant cyber regulations and specifically proposing a method for using advance technology to facilitate the process.
The industry proposal suggests using the technology to simply identify the areas of redundancy and then create a collaborative process when agencies would have to work with industry streamline the regulations or eliminate them.
The industry proposal identifies several existing methodologies such as NLP algorithms and semantic similarity analysis that can be used to analyze large volumes of regulatory texts and identify similar language, concepts, and requirements across different frameworks. These methodologies can help understand the meaning and intent behind regulatory language and identify functionally similar requirements, even when the wording differs.
The congressional and industry proposals offer a case=study in how advanced technology can be sensibly used operating within existing legal structures to reduce the cost of repetitive, wasteful and counter-productive regulations while streamlining the process to enhance our nation’s security.
Larry Clinton
President
Internet Security Alliance
