Freely subscribe to our NEWSLETTER

In her written testimony, Hogsett highlights several actions the government should prioritize as it reexamines existing cyber regulations:
• Withdraw and Reissue CISA’s Proposed Cyber Incident Reporting Rule. CISA’s proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act is overly broad, diverges from congressional intent and diverts critical cyber defense towards compliance rather than mitigating threats.
• Rescind the SEC’s Cyber Incident Disclosure Rule. Mandating public disclosures of ongoing cyber incidents could inadvertently aid cybercriminals by exposing a company’s vulnerabilities to other illicit actors, exacerbating harm to a company, its shareholders and its customers.
• Eliminate Duplicative Cyber Incident Reporting Requirements. Financial institutions currently navigate more than 10 separate cyber incident reporting mandates in the U.S. alone. Agencies should leverage CIRCIA as the primary reporting framework and eliminate bespoke requirements.
• Streamline Cybersecurity Regulatory Requirements and Supervision. Financial institutions are subject to cybersecurity examinations by multiple agencies, including the Office of the Comptroller of the Currency, the Federal Reserve and the FDIC. Consolidating redundant assessments and compliance obligations would free up critical cybersecurity resources and enhance operational efficiency.

Hogsett also underscored the need for Congress to reauthorize the Cybersecurity Information Sharing Act of 2015, which helps to enable information sharing between public and private entities. Without reauthorization, critical threat intelligence-sharing efforts could be severely disrupted.