Overturning of Chevron Deference’s Impact on Cybersecurity Regulation

Season 3, Episode 12: Could the overturning of Chevron Deference impact cybersecurity and privacy regulations?

Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here.

Welcome back to Adopting Zero Trust or AZT. In our latest episode, we assembled a distinguished panel to dig into a timely topic affecting the cybersecurity landscape but has the fog of war wrapped around it. Today’s conversation centered around the recent developments in cybersecurity regulations and their potential impacts, ignited by the Supreme Court overturning Chevron Deference. This, of course, has other potential impacts on all regulation types enforced and shaped by federal agencies, but our focus is, of course, on cybersecurity, privacy, and AI.

The Panel

We welcome back Ilona Cohen, Chief Legal and Policy Officer at HackerOne, who joined us last year to discuss the National Cybersecurity Strategy. Ilona is also the former General Counsel for OMB. We are also joined by the GRC meme king, Troy Fine, the Director of SOC and ISO Assurance Services at Gills Norton. Beyond the memes, Troy takes a practical perspective on regulations and acts as our voice for those who may be most immediately impacted.

Key Takeaways

• Chevron Deference overturned: The Supreme Court's decision removes the requirement for courts to defer to federal agencies' interpretations of ambiguous statutes and now relies on the courts.
• Increased regulatory uncertainty: This ruling may lead to more challenges to existing and future regulations, potentially affecting cybersecurity and AI policies.
• State vs. Federal regulation: The uncertainty at the federal level might prompt states to act more quickly on issues like AI and cybersecurity, potentially creating a patchwork of regulations.
• Impact on AI regulation: With about 40 federal bills addressing AI in the pipeline, the ruling could complicate the process of creating comprehensive federal AI regulations.
• Cybersecurity implications: Existing and proposed cybersecurity regulations, such as the Cyber Incident Reporting for Critical Infrastructure Act, may face new challenges.
• Business concerns: While some business organizations applauded the ruling, the resulting regulatory uncertainty could be problematic for companies trying to plan and comply with regulations.
• Expertise concerns: There are worries that courts may lack the technical expertise to make decisions on complex technological issues like AI without deferring to agency experts.
• Potential for innovation: The regulatory uncertainty might create a wild west period for AI, potentially fostering innovation before more stringent regulations are imposed.
• Self-regulation importance: In the absence of clear federal regulations, industry self-regulation initiatives may become more significant, especially in rapidly evolving fields like AI.

Hosted on Acast. See acast.com/privacy for more information.