The EPA faces similar workforce and resourcing difficulties, and experts caution that harmonization efforts will only be as good as the work of agencies that implement them.

“Theoretically, you come up with the best solution across industries and sectors, but then you have to take into consideration if it’s cost prohibitive,” said Amy Chang, resident senior fellow for cybersecurity and emerging threats at the think tank RStreet. 

Chang said two critical questions face harmonization efforts. First, do agencies have the money? Second, do companies that do business with the federal government have money to put in place appropriate cybersecurity standards? In both cases, she said, “I’m sure the answer is no, and, in that case, what is the solution?”