Bipartisan effort to clean up cyber regulations gets a boost in House, but calendar is tight

A House Republican late last week introduced legislation to untangle the country’s jumble of cybersecurity regulations, keeping the bipartisan proposal alive as Congress finishes its work for 2024.

The measure from Rep. Clay Higgins of Louisiana, a member of both the House Homeland Security and Oversight committees, is a companion bill to bipartisan legislation that sailed through the panel’s Senate counterpart in July by a 14-1 vote. Recorded Future News first reported on the proposed law.

Both would require the White House’s national cyber director to establish a committee to harmonize the patchwork of cyber requirements imposed on the private sector by federal regulatory agencies. 

The Biden administration has given the legislation its full-throated support, arguing the existing landscape is a myriad of inadequate, and often redundant, requirements that actually harm the nation’s digital defenses.

“Duplicative requirements … can, perversely, result in worse cybersecurity outcomes, because teams have to focus on compliance instead of directly mitigating cyber risk,” Harry Coker, the country’s current cyber czar, said at Columbia SIPA cyber conference last week.

But the click is ticking. There are only a few weeks left in the lame-duck session of Congress and there are only a handful of legislative vehicles the regulatory bill — which still has to be approved by committee and then the full chamber — could be attached to. A new Congress starts January 3, and President-elect Donald Trump will take office soon after that, resetting the legislative agenda.

Higgins’ legislation could hitch a ride on another short-term government funding bill. The current spending bill expires on December 20. Republicans leaders have already signaled they will punt the issue into 2025 after the GOP secured a trifecta in government by seizing control of the White House and both chambers of Congress.

However, it’s possible the proposed regulation overhaul ultimately expires at the end of the current two-year congressional term, meaning proponents would have to try again in the future.

Nicholas Leiserson, assistant national cyber director for cyber policy and programs, held out hope that the legislation would make it through the year-end gauntlet.

“As ever in a lame duck, there's a lot of activity going on at the end of the Congress. But, from our standpoint, this has been a bipartisan issue from the beginning,” he told Recorded Future News on Friday during a phone interview.

Leiserson said that “folks from across the political spectrum” have come to support the legislation’s goal because it’s one of only a “few cases in government where you can actually get better cybersecurity outcomes for less money,” noting Auburn University’s McCrary Institute last month issued a list dozens of recommendations to revamp federal cyber policy with harmonization in the top spot.

Leiserson declined to speculate about what would happen if the bill isn’t approved before lawmakers adjourn for the year.

“Our hope is certainly that this is going to get done as soon as possible. That's our priority,” he said. 

“What happens if it doesn't is really up to the next administration.”