Discussion Overview
As we enter an anti-regulatory era, it remains to be seen if this
current landscape will benefit the cybersecurity industry. Currently,
very little useful cybersecurity regulation exists. Issues such as data
breaches, active defense, and cybersecurity standards of care are left
for businesses to determine with minimal help, consistency, or
oversight.
During the inaugural National Technology Security Coalition (NTSC)
Southeast Regional Chief Information Security Officer (CISO) Policy
Roundtable on February 1, 2017 (hosted by NTSC Board Member, Pete
Chronis, CISO of Turner, at Turner Techwood Campus in Atlanta, Georgia),
CISOs discussed the present and future implications of cybersecurity
policy, focusing on three key questions:
- What are the pros and cons of nationalizing data breach disclosure laws?
- Can legislation help the cybersecurity community grapple with emerging threats?
- What can we learn from European Union security and privacy laws as we shape our own legislative agenda?
Conclusions
Despite a variety of viewpoints at NTSC’s inaugural roundtable, the group agreed on the following:
- CISOs need a greater voice on the Hill. It’s clear they have been unrepresented too often in past legislative cybersecurity efforts and activities.
- Cybersecurity legislation and regulation are needed in an anti-regulatory climate. Lacking significant cybersecurity legislation, the United States is in dire need of legislation and regulations that help clarify important issues hurting information protection efforts and American business.
- The US needs to strike a balance between no regulations and over-regulating. The EU offers lessons in how to craft cybersecurity legislation and regulations, but also serves as a warning of consequences if those efforts are too strict.