Rep. Mark E. Green, U.S. Representative for Tennessee's 7th District | Official U.S. House headshot
Today, the Subcommittee on Cybersecurity and Infrastructure Protection held a hearing to address the challenges of cyber regulatory harmonization. The session was led by Chairman Andrew Garbarino (R-NY) and House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN). The discussion centered on improving the current cyber regulatory framework and defining the role of the Cybersecurity and Infrastructure Security Agency (CISA) in this process.
Chairman Green emphasized that "today’s hearing serves as a crucial opportunity to examine the effectiveness of the federal cyber bureaucracy." He noted that with the increasing frequency and sophistication of cyberattacks, it is essential to strengthen and harmonize regulations governing cyberspace to enhance security while reducing costs and confusion.
The focus also turned to CIRCIA—the Cyber Incident Reporting for Critical Infrastructure Act of 2022—which tasked CISA with establishing regulations for reporting cyber incidents across all critical infrastructure sectors. Despite being enacted nearly three years ago, regulatory disharmony remains prevalent in incident reporting.
"There are now at least 50 cyber incident reporting requirements in effect across the federal government," stated Green. He pointed out that these overlapping regulations impose significant compliance costs on private sector entities, detracting from their primary focus on network security.
Federal rules like the SEC's public cyber disclosure rule were highlighted as examples needing urgent reform due to their ambiguous nature and restrictive timelines for incident reporting. According to Green, such standards prioritize compliance over security, leaving critical infrastructure vulnerable.
"Injecting consistency and efficiency into the cyber regulatory regime is necessary," he said, stressing that effective cooperation between private and public sectors is vital for national security. With CIRCIA still in its rulemaking phase until later this year, there remains an opportunity to ensure that harmonization becomes a key feature of national cyber incident reporting requirements.
Green thanked witnesses Scott Aaronson from the Edison Electric Institute, Heather Hogsett from the Bank Policy Institute, Robert Mayer from USTelecom, and Ari Schwartz from the Cybersecurity Coalition for their participation. Most had previously testified during a CIRCIA hearing last May.
He concluded by highlighting "a unique opportunity" under President Trump's administration "to create a common-sense cyber regulatory structure" aimed at enhancing collaboration between private entities and federal authorities against rising nation-state threats.