BURIED UNDER AN AVALANCHE OF CYBER RULES?

Industry is going to have to fight hard to prevent being overwhelmed by multiplying, inconsistent, and more prescriptive cybersecurity rules. That's one major takeaway from a recent Coalition for Government Procurement seminar on cyber requirements for both contractors and companies doing business in the commercial sector. Regulatory harmonization, often defined as having fewer overall rules, or at least having some commonality among different requirements, is pretty well non-existent according to lawyers with experience in this field. Instead, large and small companies can expect more cyber reporting rules on their government contracts, increasing costs to comply with those rules, and the risk that government agencies may not always be able to keep confidentially reported information from being hacked or shared.

Two general trends are emerging in cyber reporting that contractors need to track. First, earlier and more frequent reporting of cyber incidents to government agencies. Second, more "public" reporting and sharing of information about security breaches. The definition of what constitutes a cyber issue is expanding as well. Hardware, software, services, and supply chains are just a few examples of what will be covered.

While protecting important contractor and government systems from cyber intrusions may be necessary, government agencies have a tendency to pass the buck on requirements like these to industry. This is one time when industry should push back and work for more shared burdens, common standards, and common-sense requirements for those providing commercial off-the-shelf items. Make no mistake: your costs will go up and your compliance risk will increase. Make sure the voice of industry is heard as the executive branch seeks comments on two current cyber rules now out for comment.