The Past, Present and Future of Tech RegulationCenter for Strategic and International Studies' Gerstell on Impact of New Rules
Historically, U.S. regulators have been slow to set controls on critical infrastructure because of the technical complexity of systems in that sector, but that is changing thanks to the U.S. national cybersecurity strategy, said Glenn Gerstell of the Center for Strategic and International Studies.
Gerstell said the U.S. government’s new strategy seeks to address policy gaps by imposing liability on hardware and software manufacturers to detect vulnerabilities that can lead to devastating cyberattacks. Plus, it seeks to harmonize existing cyber regulations nationwide.
"We can't have big states having 50 separate cyber requirements for each state and different reporting mechanisms, so harmonizing these regulations is the key to their success," he added.
Cybersecurity will remain a bipartisan issue in the U.S. Congress since both Republicans and Democrats view China as a major threat actor that needs urgent attention.
In this video interview with Information Security Media Group at RSA Conference 2023, Gerstell discusses:
- Why the United States was slow to regulate cybersecurity;
- How to avoid duplication in regulation;
- The long-term outlook for cybersecurity.
Gerstell previously served as general counsel of the National Security Agency. Prior to joining the NSA, he practiced law for almost 40 years at the international law firm Milbank. He is also an elected member of the American Academy of Diplomacy and a member of the Council on Foreign Relations.