NTSC | Southeast Policy Roundtable 2017

Discussion Overview

As we enter an anti-regulatory era, it remains to be seen if this current landscape will benefit the cybersecurity industry. Currently, very little useful cybersecurity regulation exists. Issues such as data breaches, active defense, and cybersecurity standards of care are left for businesses to determine with minimal help, consistency, or oversight.

During the inaugural National Technology Security Coalition (NTSC) Southeast Regional Chief Information Security Officer (CISO) Policy Roundtable on February 1, 2017 (hosted by NTSC Board Member Pete Chronis, CISO of Turner, at Turner Techwood Campus in Atlanta, Georgia), CISOs discussed the present and future implications of cybersecurity policy, organized around three key questions:

  • What are the pros and cons of nationalizing data breach disclosure laws?
  • Can legislation help the cybersecurity community grapple with emerging threats?
  • What can we learn from European Union security and privacy laws as we shape our own legislative agenda?


Despite a variety of viewpoints at NTSC’s inaugural roundtable, the group agreed on the following points:

  • CISOs need a greater voice on the Hill. It’s clear they have been unrepresented too often in past legislative cybersecurity efforts and activities.
  • Cybersecurity legislation and regulation are needed in an anti-regulatory climate. Lacking significant cybersecurity legislation, the United States is in dire need of legislation and regulations that help clarify important issues hurting information protection efforts and American business.
  • The US needs to strike a balance between no regulations and over-regulating. The EU offers lessons in how to craft cybersecurity legislation and regulations, but also serves as a warning of consequences if those efforts are too strict.
