Enacting tough federal cybersecurity standards an uphill battle, experts say – By Gopal Ratnam (Roll Call) / June 15 2021
Passing new cybersecurity standards would involve many congressional committees, federal departments, and regulatory bodies
The spate of recent ransomware attacks on federal contractors and operators of critical infrastructure, culminating in the attack on Colonial Pipeline in May, has built momentum for new federal laws and regulations to require disclosure of breaches as well as mandatory cybersecurity standards.
But writing such laws and regulations in a timely manner and ensuring they are finely tailored is likely to pose a challenge involving multiple federal agencies, Congress and the new national cyber director.
In the aftermath of several high-profile cyberattacks, “I do think you’re seeing some recognition that business as usual and the status quo just isn’t going to cut it,” said Frank Cilluffo, director of Auburn University’s Charles D. McCrary Institute for Cyber and Critical Infrastructure Security and a member of the congressional Cyberspace Solarium Commission.
“My hope is that we take a scalpel and not a sledgehammer” to such regulations and mandates, Cilluffo said. .
