The Trump administration should slash cybersecurity regulations and double down on winning the trust of the private sector, the U.S. tech industry’s largest trade group said in a paper published Tuesday.
In a report laying out recommendations for the White House’s Office of the National Cyber Director — now helmed by newly confirmed Trump appointee Sean Cairncross — the Information Technology Industry Council said the government should focus on “results-driven action.”
“There is a need to prioritize impactful security outcomes, slash red tape, rethink legacy network architectures, invest in secure modern systems, and strengthen trusted partnerships between the public and private sectors,” ITI said.
Achieving results, the group argued, “means empowering defenders with what they need to win: efficiency, appropriate resourcing, and the freedom to focus on real threats, not on navigating a web of regulatory regimes.”
The report is the latest example of the tech industry’s concerted effort to convince Trump administration officials to reduce some of the cybersecurity oversight mechanisms created by the Biden administration.
ITI has repeatedly called for the federal government to harmonize its patchwork of cyber regulations. In the new paper, the group argues for “a unified, risk-based reporting standard” that replaces multiple existing and pending rules. The standard would focus on “verified, significant incidents,” include “a 72-hour reporting window following incident confirmation” and exclude third-party service providers from reporting obligations, according to the report.
The paper repeated ITI’s criticisms of the Cybersecurity and Infrastructure Security Agency’s proposed cyber incident reporting rule, saying it “overreaches on scope and definitions, creating confusion without delivering better security.” The group urged ONCD to put the rule “back on track” by working with CISA to “narrow the rule’s scope” and “align it with existing reporting regimes.” With those changes, ITI said, the rule could become “a targeted, high-impact tool that reflects Congress’s intent and supports meaningful cyber defense.”
AI for cyber defenses
The paper also encourages ONCD to champion the increased use of artificial intelligence for cyber defense, spearhead the restoration of the Critical Infrastructure Partnership Advisory Council framework and advocate for CISA to get the resources it needs for the shared services it provides to other agencies. Other recommendations deal with preserving the Common Vulnerability and Exposures (CVE) program and prioritizing agencies’ post-quantum cryptography and zero-trust migrations.
Cairncross, a veteran Republican political operative, appears inclined to embrace these proposals. He told senators at his June confirmation hearing that he would emphasize industry partnerships and prioritize “working on a regulatory scheme that makes sense.”
