Lankford Pushes Back on Government Regulations Slowing Down Cybersecurity

WASHINGTON, DC – Senator James Lankford (R-OK) participated in a Homeland Security and Governmental Affairs Committee hearing entitled, “Streamlining the Federal Cybersecurity Regulatory Process: The Path to Harmonization,” to push back on burdensome regulations that slow down critical cybersecurity efforts. Witnesses for the hearing included Nicholas Leiserson, the Assistant National Cyber Director for Cyber Policy and Programs under the Office of the National Cyber Director (ONCD), and David Hinchman, the Director of Information Technology and Cybersecurity under the Government Accountability Office (GAO).

Lankford has consistently pressed for clear and achievable cybersecurity standards that create clear federal guidelines on compliance, both to protect private information and to ensure that critical operations like health care, schools, and others do not fall victim to cyberattacks such as ransomware. Additionally, Lankford has questioned industry leaders about the ongoing privacy and security complications of using emerging technology like artificial intelligence (AI), to ensure the federal government is pushing methods to protect people and privacy as we pursue new technology that may be vulnerable to data theft or corporate privacy risks.


Lankford: …You gave a stat that one of the business organizations said they spend 30 to 50 percent of their time not on security but on compliance. So let’s drill down on that a little bit. Did they give you information or do you have a sense of what that compliance is that could not be done so they can spend more time on security?

Leiserson: Absolutely, Senator, and thanks very much for that question. So, that 30 to 50 percent number is for chief information security officers in their time. That was in response to our RFI last year. More recent testimony, actually, that was given, in April before the Committee on Homeland Security said that when you look at the CISOs’ team’s time, sometimes it’s up to 70 percent.

So, 70 percent of the human capital that, in this case, this is the financial services sector that had done this survey, 70 percent of their team’s time were spent on compliance activities. And the concern that I think we have is not that there shouldn’t be requirements—there absolutely must be. The financial services system, for instance, is absolutely vital to our economy, to our national security. However, when you have time spent on developing reports, on responding to examiners’ questions, not in a standardized, harmonized way, that is a challenge. And a further challenge is if another regulator then comes in after you have just finished an examination with the first, the second regulator comes in and says, ‘Hey, yes, you have all of these reports that you’ve developed for the first, but we have a different opinion with respect to risk.’

And the Chairman had asked earlier about why cybersecurity is particularly amenable to harmonization, and the reason is the risks that we’re talking about here is the same. It is the same information systems. So that’s really one of the challenges that we see out there and why we believe the approach here is so important.