By Geoff Fein
With the need to develop a more robust approach to protecting the nation’s networks, one lawmaker is hoping to craft legislation that would codify many of the findings in the White House’s 60-day cyber security review.
But getting a bill through the myriad of committees could pose a challenge in and of itself, Rep. James Langevin (D-R.I.), told Defense Daily in a recent interview.
“One of the concerns I have, and criticisms I have about Congress in general, is that we need more streamlined oversight…more direction in terms of who actually has jurisdiction over a particular issue and cyber security is no exception,” Langevin said. “If we can streamline that process, I think we can get better oversight and the departments and agencies would function a lot more smoothly.”
As was the case just a few years back before the creation of a Homeland Security committee, department and agency personnel had to testify before numerous committees claiming jurisdiction on homeland security, often times covering the same ground. With cyber security, it seems, any number of House committees can claim jurisdiction over the issue.
“As I understand it, probably the four biggest committees in the House that oversee cyber security would be the Homeland Security, Energy and Commerce, as well as the committees I am on–House Armed Services Committee (HASC) and House Select Committee on Intelligence. There may be others that might assert jurisdiction…the Judiciary Committee might have a role,” he said.
Add to the list the House Committee on Science and Technology and its subcommittees on technology and innovation and research and science education, which are holding a joint hearing on cyberspace policy review today.
“I would like to see more streamlined oversight of the cyber security issue…limiting the number of committees that would actually conduct oversight,” Langevin said. “But, ultimately, that will be determined by the speaker. But I certainly will encourage her to consider streamlining the oversight of cyber security.”
There is a belief among some outside the government that lawmakers don’t have an understanding of the cybersecurity issue. Langevin acknowledged that most members are probably not thinking about it as often as he does, or have been involved in the issue as he has, but that doesn’t mean members are not aware of the concerns. “There is a growing awareness among members of the cyber security threat and how important it is to close the vulnerability, at the same time it’s not everybody’s issue which is understandable
“As with all of us, we all have our own niches…our own areas of focus. Because of personal interest or the committees on which we serve we are going to be experts in one area than another on certain issues,” Langevin said. “This is an issue I have chosen to adopt because I recognize it as a glaring vulnerability, and in particular because I chaired the Homeland Security subcommittee last Congress on emerging threats and cyber security.”
Langevin’s interest in cybersecurity led to his involvement in co-chairing the Center for Strategic and International Studies’ report on Securing Cyberspace for the 44th Presidency. Langevin also chaired the House Homeland Security Committee’s emerging threats and cyber security subcommittee in the last Congress, and been asked by Rep. Silvestre Reyes (D-Texas), chairman of the House Select Committee on Intelligence, to be one of the point people on cybersecurity.
“I work closely with Congressman Dutch Ruppersberger (D-Md.) and Anna Eshoo (D-Calif.) on the Intel committee on cyber,” he said.
Additionally, Langevin is a member of the HASC.
He also founded the cyber security caucus with Rep. Michael McCaul (R-Texas). “It’s a way for members who are showing concern over cybersecurity to collaborate together and work on legislation together.”
The caucus has between 15 and 20 members right now, and Langevin hopes to see its roster continue to grow.
“We have already had one meeting, our first inaugural meeting, where we had Melissa Hathaway come before us, update members on where she was,” he said.
The caucus met with Hathaway mid-way through her 60-day cyber review. “She gave us an update on where she was, and now that the review is complete we are going to hold another meeting to update…educate members on the cyber review.”
Now that the administration’s 60-day cyber review is complete, Langevin said he is looking to develop legislation that would codify a lot of the findings of the study.
“At this point, I continue to believe that legislation is necessary…and will be introducing legislation to put this in statute,” he added.
Langevin gave President Obama high marks for taking on the issue of cybersecurity so early in his administration.
“I think that the 60-day review was a good one. There are some things that are still unclear that I would like to have had more of a focus on…more clarity. But, overall, I think the 60-day review was a good one and is moving the country in the right direction on how to strengthen cyber security,” he added.
The congressman said he is pleased there is going to basically be a White House office on cyber security led by a cyber security coordinator, who will have regular access to the president. That office, the president said on May 29 at the roll-out of the review, will oversee all federal cyber security policies, will work to ensure its budgets reflect those priorities, and, in the event of a major cyber incident or attack, that person will coordinate the nation’s response.
What is unclear, Langevin noted, is who that cyber coordinator will be. One week after the president announced his plan to appoint a cyber czar, no one has surfaced as a potential nominee for the job.
“I expect and hope it will be someone with strong credentials in cyber security. Someone who is already well-respected in the cyber community so that that person doesn’t have to struggle to establish their credentials…they can come in with strong credentials from day one,” Langevin said.
“Second, it’s unclear the kind of authority per se, on specifics, the cyber coordinator will have. Will this, in fact, be a deputy assistant to the president, that’s still unclear,” he added.
It’s unlikely the cyber coordinator will be an assistant to the president, given that those positions are limited by statute, Langevin noted.
“All those positions are filled and they are not going to demote someone to raise this person up to that level,” Langevin said. “So the next level down would be the deputy assistant to the president…and then the third level down is the special assistant to the president.
“I think if it’s a deputy assistant to the president and the person is given the right authority and right power to do the job, then this could work well. If it’s [not], then that would be a disappointment,” he added.