White House Plans to Retire Outdated Cyber Regulations

Federal CISO Greg Touhill

Federal CISO Greg Touhill US Coast Guard

Some of the outdated regulations date back to the 1990s.

White House cyber officials have identified 63 different policy directives, regulations or other requirements they plan to retire, the government’s chief information security officer said Wednesday.

Some of the directives slated for retirement date back to the 1990s, CISO Gregory Touhill told an audience at the FireEye Cyber Defense Summit.

“Frankly, I think it’s OK for us to say, ‘you know what, we don’t have to force the different departments and agencies to go through all these different Y2K orders that we gave back in the ‘90s,” Touhill said, referring to concerns about a major computer crash during the turn of the century.

There’s no firm timeline for when Touhill’s office will release the list of directives, regulations and other orders to be retired, he said, though it will likely be soon. Officials are debating whether to release what they have or wait until they complete the process, he said.

Touhill’s office and the Homeland Security Department have also reduced the number of unpatched critical computer vulnerabilities across government that are more than seven days old, he said. That number is down from 360 several years ago to just five this week, he said.

Officials with President-elect Donald Trump’s transition team have yet to visit Touhill’s office, he said. If asked, Touhill said he would gladly stay in position after Trump takes office.

“I raised my hand, pledged allegiance to the Constitution and I’m willing to serve for as long as I’m needed,” he said.