In his post, he highlights Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which among other things directs Executive Branch departments and agencies that regulate the security of private-sector critical infrastructure to assess whether, based on the Cybersecurity Framework, existing regulatory authority is sufficient to address cyber risks.
The degree to which they regulate for cyber security ranges from high-level requirements to voluntary guidance; however, based on their reports, Daniel says he is confident that existing regulatory requirements, complemented with strong voluntary partnerships, can mitigate cyber risks to our critical systems and information. He writes:
“Now, this doesn’t mean that we don’t have more work to do to secure our critical systems and information throughout the country. Nor does it mean that we can stop working to ensure that regulations as written are clear, streamlined, and harmonized. It does mean that agencies with regulatory authority have determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to those systems.”
You can read the complete post here: Assessing Cybersecurity Regulations
[ Photo courtesy of whitehouse.gov ]