Industry Leader: OMB Should Take Lead in Deconflicting Regs Under National Cyber Strategy

March 13, 2023

By Charlie Mitchell / March 13, 2023

Federal agencies should be required to clarify that proposed cybersecurity rules are not “duplicative or in conflict with existing regulations,” according to a key industry player on cyber, an idea embraced by former White House cyber coordinator Michael Daniel as a way to deliver on regulatory streamlining under President Biden’s national cyber strategy.

“Agencies should have to show what they’re proposing makes sense and doesn’t conflict or repeat other rules,” Daniel told Inside Cybersecurity. “This is an imminently reasonable process point.”

The Office of Management and Budget would require agencies to include a finding that their regulatory proposals don’t conflict with or duplicate requirements already in place, according to Internet Security Alliance president Larry Clinton, who pitched the idea to Acting Principal Deputy National Cyber Director Rob Knake at a March 2 event to unveil the national cyber strategy.

Clinton in a recent message to the ISA board of directors said, “Following the event, I had an opportunity to discuss this further with [Knake] and suggested that we need to first do the streamlining before we add any new regulations.”

Clinton said, “I suggested that one way to do that would be for OMB to make a requirement that any new regulation must come with a finding from the regulatory agency that the new regs are not duplicative or in conflict with existing regulations.”

Knake made no commitment on the spot, Clinton said, but Daniel was also present and said such a directive from OMB “would have the desired impact.”

Daniel observed in his conversation with Inside Cybersecurity that “not much would need to change at OMB” to incorporate Clinton’s idea into its review of proposed cyber rules. “OMB already requires a cost-benefit analysis and [the Office of Information and Regulatory Affairs] is naturally skeptical of new rules,” he said.

Prior to serving as President Obama’s cyber coordinator, Daniel was a senior official at OMB. He now leads the Cyber Threat Alliance.

The Office of the National Cyber Director didn’t respond to a request for comment. Knake is expected to make an appearance before Clinton’s ISA board on March 22. Also scheduled to appear are CISA Director Jen Easterly, executive assistant director for cyber Eric Goldstein, chief of staff Kiersten Todt and House Homeland Security cyber subcommittee Chairman Andrew Garbarino (R-NY).

Allocating burdens

Acting National Cyber Director Kemba Walden at the launch event said regulation under the strategy will be focused and harmonized, and will “reward those who seriously invest in cybersecurity.”

Daniel said “one of the goals of the national cyber strategy is not just to increase regulation to get some sectors up to a baseline, it’s also to reduce the burden on [currently] regulated sectors.”

He said the Office of the National Cyber Director will “drive implementation” of the strategy across the federal government and called this “a big shift in how we allocate the cyber burden across the whole ecosystem.”

”The biggest challenge,” Daniel said, “is what to do with independent regulators. There is a role for Congress to say to these agencies ‘you should really look at deconflicting regulations.’ This could be bipartisan if you find a space where you’re raising the floor [on unregulated industries] but also reducing the burden on heavily regulated entities.”

Daniel said, “That’s the balance.” He said this is viewed within the administration as “a long-term process.”

Clinton said in the message to his board members, “At the launch event [last week] I had an opportunity to ask [Deputy National Security Advisor for Cyber] Anne Neuberger what specifically they meant by ‘harmonizing,’ regulations. Her response was ‘originations need to only be regulated once and we need to work to make that the case. This is a responsibility of government. We owe this to the private sector, this one is on us.’”

Clinton also noted comments on the strategy from the new GOP leaders of the House Homeland Security Committee focused on reducing regulatory burdens for industry.

Homeland Security Chairman Mark Green (R-TN) and Garbarino said the strategy “rightly highlights the need for public-private collaboration and federal government coordination,” but that “this Administration’s desire for more regulation, bureaucracy, and red tape is a consistent theme.”

Clinton said, “I anticipate that the authorizing committee in Congress will be assisting in pushing this policy. Again we will have an opportunity to press these points with these offices when the ISA board meets with them during the board meeting.” — Charlie Mitchell (cmitchell@iwpnews.com)