Having worked for an electric grid operator, I can state that this “patchwork of cybersecurity regulations” is indeed an issue that need not exist.
Baseline Cybersecurity Performance Goals (CPG) produced by CISA provide a practical and effective set of cybersecurity practices that could be the basis for harmonized cybersecurity practices. Then we could stop trying to satisfy some truly unrealistic cybersecurity requirements like the NERC CIP virtualization cybersecurity standards effort that has been going on since 2016, which remains an open item in 2024.
The critical infrastructure sectors need one set of baseline cybersecurity practices, like the CISA CPG, to streamline regulatory compliance and provide effective, consistent cybersecurity protections that work.
I concur, Brandon:
“It is hard to dispute that there is a need for cyber regulatory harmonization, and it is time to make it happen. This is an area for the incoming administration and Congress to push this commonsense, bipartisan idea across the finish line as a way to improve the cybersecurity ecosystem, while simultaneously making it more efficient for industry and government.
Brandon Pugh, Esq. is the director of the R Street Institute’s cybersecurity and emerging threats team. He previously served in elected office and was Republican counsel covering cyber issues for a state legislature.”