White House grapples with harmonizing thicket of cybersecurity rules | CyberScoop<\/title> <meta name=\"description\" content=\"The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cybersecurity-strategy-harmonization-critical-infrastructure\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"White House grapples with harmonizing thicket of cybersecurity rules\"> <meta property=\"og:description\" content=\"The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cybersecurity-strategy-harmonization-critical-infrastructure\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-09-18T16:16:44+00:00\"> <meta property=\"article:modified_time\" content=\"2023-09-18T16:16:45+00:00\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1693959706g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693499496g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1694542629g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77127\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77127\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-strategy-harmonization-critical-infrastructure%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-strategy-harmonization-critical-infrastructure%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77127 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-strategy-harmonization-critical-infrastructure\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.998333333333\">\n<div class=\"single-article__header-content\" readability=\"30.495535714286\">\n<p> The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous one. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"432\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules.jpg?resize=640%2C432&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=300,202 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=768,518 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=1024,691 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=1536,1036 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=600,405 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=249,168 249w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=500,337 500w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=1001,675 1001w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules-1.jpg?resize=1250,843 1250w\" sizes=\"(max-width: 1001px) 100vw, 1001px\"><figcaption> The White House in Washington, D.C. (Photo by Caroline Purser\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"106.33663901911\"><body readability=\"214.96750045645\"><\/p>\n<p>Pour one out for the cyber bureaucrats in the Biden administration. <\/p>\n<p>In recent weeks, the White House has embarked on a dizzying task: trying to harmonize the exceedingly broad number of cybersecurity-related regulations and technical standards set by industry that corporations and critical infrastructure operators must abide by. <\/p>\n<p>That monumental task is likely to span years \u2014 perhaps even administrations. Its outcome has the potential to radically reshape cyber policy and regulations for 16 critical infrastructure sectors. Assuming it gets done.<\/p>\n<p>The initial goal is to create a framework for a single mandate so critical infrastructure owners and operators have \u201creciprocity\u201d across standards. That would mean that complying with a set of standards in one domain would, in theory, result in compliance in another and reduce compliance costs. Large corporations spread across multiple sectors would spend more on cyber defense , and smaller corporations that currently can\u2019t keep up with security spending might allocate a bit more of their budget toward defense. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cOur thesis here is: You can get better cybersecurity outcomes, you can do a better job of raising the bar for critical infrastructure cybersecurity or lower the cost if you remove some of the red tape associated with compliance,\u201d said Nick Leiserson, the assistant national cyber director for cyber policy and programs at the Office of the National Cyber Director.<\/p>\n<p>Amid the task of harmonizing regulations, cyberattacks against critical infrastructure organizations are only increasing. Harmonizing regulations could be a way to deliver significant security dividends at a time when ransomware gangs are attacking everything from <a href=\"https:\/\/cyberscoop.com\/las-vegas-mgm-caesars-cyber-attack\/\">casino operators<\/a> to hospitals and Russian and Chinese hackers are increasingly probing U.S. critical infrastructure entities. Harmonizing regulations is task 1.1.1 in <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2023\/07\/National-Cybersecurity-Strategy-Implementation-Plan-WH.gov_.pdf\">the National Cybersecurity Strategy Implementation Plan<\/a>, which calls on the Office of the National Cyber Director and the Office of Management and Budget to lead the effort.<\/p>\n<p>A recent <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2023\/07\/ONCD-Reg-Harm-RFI-Final-July-19.2023.pdf\">request for information<\/a> from the ONCD provides a sense of the office\u2019s approach and the scope of the task. The request not only asks which federal regulations are duplicative, but also seeks information about state regulations, international regulations and industry-led standards that many industries \u2014 regulated or not \u2014 adhere to.<\/p>\n<p>\u201cWhat we\u2019re trying to figure out right now is A: \u2018Is this as big of a problem as we think it is?\u2019 and B: \u2018What are different models that might work?’\u201d Leiserson said.<\/p>\n<p>Munish Walther-Puri, vice president of cyber risk at Exiger and former director of cyber risk for New York City\u2019s Cyber Command, described the current maze of rules, regulations and standards as a \u201cregulatory cacophony.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFor companies specifically that own or operate critical infrastructure, deal with private health information and\/or have a footprint that spans jurisdictions, compliance feels out of reach. They\u2019re in dire need of a conductor,\u201d Walther-Puri said.<\/p>\n<p>That mess is evident in breach notification laws. The Securities Exchange Commission recently <a href=\"https:\/\/cyberscoop.com\/sec-cybersecurity-breach-disclosure\/\">rolled out rules<\/a> requiring companies to report to shareholders any cybersecurity incidents that are \u201cmaterial\u201d to the firm. At the same time, some \u2014 but not all \u2014 publicly traded companies also have to comply with CISA\u2019s incident reporting rules codified in the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was passed into law to get a sense of the landscape of cyberattacks and to harmonize regulations for covered organizations.<\/p>\n<p>Growing breach notification rules are resulting in \u201cfederal agencies with different responsibilities\u201d having to \u201cspread their net,\u201d and that\u2019s resulting in nets \u201cgetting tangled with each other,\u201d said Arjun Ramadevanahalli, a cybersecurity-focused lawyer at the law firm Morgan Lewis.<\/p>\n<p>Other aspects of harmonization efforts are quite prosaic: One major aspect of regulatory harmonization comes down to determining what type of information goes in what form and where. \u201cAre you generally asking for the same things to be done? And if you\u2019re asking for the same things to be done, can the evidence be harmonized?\u201d said Bob Kolasky, a senior vice president for critical infrastructure at Exiger who previously led CISA\u2019s National Risk Management Center.<\/p>\n<p>A separate hurdle is ensuring that the auditors who determine if a regulation is being followed see harmonized rules in the same way. If not, one auditor may interpret a rule differently than another, defeating a major purpose of harmonization efforts.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While the harmonization efforts span all 16 critical infrastructure sectors, the White House is not currently planning on including operational technology \u2014 which is hardware and software that can monitor or control physical environments \u2014 in the mix, Leiserson said. Operational technology is considered too \u201cbespoke\u201d and dependent on the goal or service of each facility or utility.<\/p>\n<p>Instead, the White House will focus on common IT stacks that are replicable across multiple sectors. The current working assumption within the White House, Leiserson said, is that different industrial environments, whether a power plant or a water utility, may be using similar equipment, like programmable logic controllers, for entirely different services. However, most organizations will have IT stacks, such as Microsoft\u2019s Azure Active Directory, in common on the business side.<\/p>\n<p>The decision to not include rules around operational technology in harmonization efforts is a decision some experts question. If the goal of harmonization is to put the same requirements on companies and technologies that support multiple regulated entities and establish a measure of commonality, then \u201cOT certainly fits into the commonality question.\u201d<\/p>\n<p>\u201cOne reason we\u2019re so concerned about OT cyber vulnerabilities is it starts to cross over to a safety issue,\u201d Kolasky said. \u201cWe have a long history of trying to regulate for safety.\u201d<\/p>\n<p>Leiserson stresses that the administration\u2019s approach to harmonization may still change in response to its request for information \u2014 <a href=\"https:\/\/www.regulations.gov\/document\/ONCD_FRDOC_0001-0002\">comments to which are due on Oct. 31<\/a>. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Among the unanswered questions at this stage is whether the administration will integrate cloud computing security into its regulatory overhaul. <\/p>\n<p>The RFI asks for examples of regulatory obligations that are \u201cpassed along\u201d through contracts to the cloud service providers. Such contracts are fairly common among regulated companies, to the point that outsourcing compliance is an economy in its own right. <\/p>\n<p>Similar to how electricity \u2014 the production of which comes from a regulated critical infrastructure sector \u2014 powers a huge portion of the U.S. economy, cloud computing provides a resource without which a massive number of businesses could not operate. Nonetheless, cloud computing has not been designated as critical infrastructure, and how the industry fits into harmonization efforts remains to be seen. <\/p>\n<p>\u201cIt\u2019s a real benefit for a lot of smaller organizations, but it means we\u2019re concentrating a lot of dependence and risk of really important systems onto a few large technology stacks,\u201d Maia Hamin, the associate director at the Atlantic Council\u2019s Cyber Statecraft Initiative, said of cloud computing\u2019s role in the U.S. economy.<\/p>\n<p>While the administration has tried to strengthen cybersecurity regulations using existing laws, that effort has run into roadblocks, and a full overhaul of cybersecurity rules may require an act of Congress. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>When the Biden administration recently tried to <a href=\"http:\/\/cyberscoop.com\/epa-water-cyber-regulations\/\">strengthen cybersecurity rules for public water utilities<\/a> via the Environmental Protection Agency, for instance, it relied on sanitary surveys to evaluate the cybersecurity posture of water utilities, only to <a href=\"https:\/\/cyberscoop.com\/bide-cybersecurity-strategy-implementation\/\">face legal opposition<\/a> from Republican states and industry trade groups arguing the agency overstepped its authority.<\/p>\n<p>\u201cI don\u2019t think water is going to work through the sanitary checks, I think that\u2019s just passing the problem to 54 states and territory organizations who are not ready to do it,\u201d said Mark Montgomery, former executive director of the Cyberspace Solarium Commission who is now senior director at the Center on Cyber and Technology Innovation at Foundation for Defense of Democracies.<\/p>\n<p>Water industry trade groups and some experts have argued that water utilities should be subject to a similar regulatory structure as the electric grid, where there is an independent regulator that works with industry to develop standards and another agency to enforce those standards. While there has been little indication that the administration is interested in such an overhaul, the White House needs industry buy-in to reach harmonization.<\/p>\n<p>\u201cI\u2019m sympathetic that they\u2019re trying to do as much as they can without requiring Congress to pass a bunch of new laws,\u201d Kolasky said. \u201cWe\u2019re going to run into the limits of what can be done without the laws and new authorities.\u201d <\/p>\n<p>Leiserson said the administration is not thinking about any major policy changes that might involve Congress, as it\u2019s \u201cputting the cart before the horse.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIf we have a framework that makes sense, then we can say, \u2018What do we need to get from here to there?’\u201d Leiserson said. \u201cIs this something that regulators can do using their existing authorities? Is this something that there is a gap in authorities that we would have to look for legislation for?\u201d<\/p>\n<p>While harmonization is about reducing compliance costs, it\u2019s not clear that federal agencies are sufficiently resourced to oversee a more robust regulatory regime. Prior to <a href=\"https:\/\/cyberscoop.com\/gas-pipeline-cyberattack-ransomware-colonial\/\">the Colonial Pipeline ransomware attack<\/a> that cut off the flow of vital energy supplies to the Eastern Seaboard, the Transportation Security Agency\u2019s division responsible for overseeing the cybersecurity of the pipeline industry was operating with what was essentially a skeleton crew pre-Colonial Pipeline, according to a 2018 <a href=\"https:\/\/www.gao.gov\/products\/gao-19-48\">Government Accountability Office report<\/a>.<\/p>\n<p>The EPA faces <a href=\"https:\/\/www.fdd.org\/analysis\/2021\/11\/18\/poor-cybersecurity-makes-water-a-weak-link-in-critical-infrastructure\/\">similar workforce and resourcing difficulties<\/a>, and experts caution that harmonization efforts will only be as good as the work of agencies that implement them.<\/p>\n<p>\u201cTheoretically, you come up with the best solution across industries and sectors, but then you have to take into consideration if it\u2019s cost prohibitive,\u201d said Amy Chang, resident senior fellow for cybersecurity and emerging threats at the think tank RStreet. <\/p>\n<p>Chang said two critical questions face harmonization efforts. First, do agencies have the money? Second, do companies that do business with the federal government have money to put in place appropriate cybersecurity standards? In both cases, she said, \u201cI\u2019m sure the answer is no, and, in that case, what is the solution?\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-strategy-harmonization-critical-infrastructure\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>White House grapples with harmonizing thicket of cybersecurity rules |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[413,520,521,874,439],"tags":[415,523,524,876,443],"class_list":["post-1731","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure","category-national-cybersecurity-strategy","category-office-of-the-national-cyber-director","category-operational-technology","category-policy","tag-critical-infrastructure","tag-national-cybersecurity-strategy","tag-office-of-the-national-cyber-director","tag-operational-technology","tag-policy"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-cybersecurity-strategy\/\" rel=\"category tag\">National Cybersecurity Strategy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/office-of-the-national-cyber-director\/\" rel=\"category tag\">Office of the National Cyber Director<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/operational-technology\/\" rel=\"category tag\">operational technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a>","tag_info":"Policy","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1731"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1731\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1731,"date":"2023-09-18T16:16:44","date_gmt":"2023-09-18T16:16:44","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77127"},"modified":"2023-09-18T16:16:44","modified_gmt":"2023-09-18T16:16:44","slug":"white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/09\/18\/white-house-grapples-with-harmonizing-thicket-of-cybersecurity-rules\/","title":{"rendered":"White House grapples with harmonizing thicket of cybersecurity rules"},"content":{"rendered":"