Lawfare
In the absence of congressional action setting minimum cybersecurity requirements for critical infrastructure, many sector-specific agencies could use authorities to protect public safety that are already available in their organic statutes. However, concerns about the lengthy delays entailed in notice-and-comment rulemaking under the Administrative Procedure Act (APA) may be discouraging many agencies from even starting the process.
But agencies need not subject themselves to the agonies of full-blown rulemaking, especially for targeted and interim measures adopted in response to a documented crisis. The APA itself contains an exception, actually invoked quite often, to dispense with notice-and-comment “when the agency for good cause finds … that notice and public procedure thereon are
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: