A lawmaker on the bipartisan Cyberspace Solarium Commission said Wednesday there’s a “decent shot” Congress will pass legislation this year on the group’s recommendation to reestablish key cyber leadership roles at the White House and State Department.
Rep. Jim Langevin (D-R.I.) told attendees during a virtual discussion with law firm Venable the commission is targeting the next National Defense Authorization Act as a key vehicle for passing high priority recommendations included in the group’s recently released final report.
The Cyberspace Solarium Commission’s report, released in March, included 75 recommendations aimed at addressing the U.S. government’s lagging structural approach to cyber deterrence and establishing steps for a new national cyber strategy (Defense Daily, March 11).
“[The recommendations] are important for improving the overall posture of the United States and protecting our cyber security, both on the government side and the private sector,” Langevin said.
Langevin specifically noted there’s strong bipartisan support for reinstating an executive cyber coordinator position at the White House, a role that was eliminated by the Trump administration.
“One of the glaring loopholes or gaps in our country’s cyber security is that we don’t have someone at the top coordinating policy and budget authorities, or to reach across the government and compel the departments and agencies to close vulnerabilities when they exist,” Langevin said. “[Eliminating that role] was the first major step backward in cyber security across multiple administrations of both parties. It was really disheartening to see that.”
The commission has similar optimism toward reestablishing a cyber policy coordinator role at the State Department, which was downgraded during Secretary Rex Tillerson’s time leading the department.
The report calls for standing up a Bureau of Cyberspace Security and Emerging Technologies to coordinate to be led by an assistant secretary of state for cyber security and tasked with overseeing the creation of international cyber norms with allies.
Langevin said Congress may also take action on establishing a Bureau of Cyber Statistics under the Department of Commerce, which would lead efforts to collect data on cyber breaches and quantify the effectiveness of specific tools and practices at preventing attacks.
“One of the glaring things that needs to be answered is what does strong cyber security mean. What does it mean if we employ ‘X, Y, Z’ technology or capability in cyberspace?” Langevin said. “We need to be able to speak in business terms. And CISO need to be able to talk to CIOs and CEOs and boards about what adopting stronger cyber tools means, and how much more cyber secure it will make them.”