COMMENTARY

In the high-stakes world of cybersecurity, the ground is shifting beneath the feet of those charged with protecting our digital infrastructure. First came the new Securities and Exchange Commission (SEC) rules and lawsuits related to cybersecurity. More recently, a US Supreme Court ruling promises to reshape the regulatory landscape, compelling federal officials to rethink their approach to cyber governance.

The Chevron Decision: A New Layer of Complexity

For cybersecurity professionals, the legal move potentially more significant than the dismissal of the SolarWinds suit was the Supreme Court’s decision in June to reverse the so-called Chevron doctrine. The Chevron doctrine, established by a previous case in 1984, required the courts to defer to a federal agency’s reasonable interpretation of ambiguous statutes.

Now, the wisdom of agencies — whether the SEC or other bodies — is no longer assumed. The overturning of this decades-old Chevron precedent has created uncertainty around the enforcement of cybersecurity regulations, making it even potentially harder for CISOs to navigate the regulatory landscape.

Navigating the Regulatory Landscape Amidst Uncertainty

Even as the rule book may be in flux, though, the professional mission of the CISO remains unchanged: protecting their organization in a world of constant, continually evolving threats. That requires clear thinking and the ability to keep one’s head amid chaos.

In other words: Keep calm and carry on.