The Department of Homeland Security wants Congress and other federal agencies to help it streamline 52 different cyber reporting requirements to protect critical infrastructure and ease regulatory burdens on hacking victims. On Tuesday, it released a 107-page report that it hopes will serve as a road map to smooth that process. From a report: More than 30 federal agencies and departments, including the Nuclear Regulatory Commission, Comptroller of the Currency and US Secret Service, have met since June 2022 to hammer out how to reduce regulatory overlap as the federal government grapples with the messy state of cyber reporting rules. They are among members of the Cybersecurity Incident Reporting Council, which was set up as part of a new cyber reporting law passed last year and developed the report recommendations.
“Everybody is desperate for some harmonization and standardization here,” Robert Silvers, DHS’s under secretary for strategy, policy and plans who chairs the council, told Bloomberg News in an interview. “This is a first-of-its-kind effort.” Federal agencies know well that cyber reporting requirements have become “too much of a patchwork,” Silvers added. There are already 45 existing reporting requirements administered by 22 federal agencies, spanning national and economic security concerns to consumer and privacy protections, according to the report. Seven more requirements are expected, including the reporting law that created the council, and a further five are under consideration, according to the report.