The Cyberspace Solarium Commission’s recommendations to create a National Cyber Director and strengthen CISA have become even more relevant over the past week with recent cyber attacks targeting U.S. COVID-19 research and Twitter accounts, according to commission members who testified at a hearing Friday.
“Our adversaries have noticed the broader attack surface. Just yesterday, CISA -- in conjunction with allies in the UK and Canada -- announced that Russian operatives are targeting health care organizations doing research on the virus,” said Rep. Jim Langevin (D-RI) at a House Homeland Security cyber subcommittee hearing on Friday. Subcommittee member Langevin, who is also a Solarium commissioner, filled in as chairman for the subcommittee hearing.
Langevin said, “And two days ago, we saw a major breach of Twitter that saw many prominent accounts linking to a Bitcoin scam. It doesn’t take much imagination to see what chaos one could sow with such access on Election Day if a bad actor was pushing out disinformation. The realities of 2020 make clear that a comprehensive, whole-of-nation approach to cybersecurity is a necessity, but we do not yet have one. We lack a clear leader in the White House whose mission it is to focus on cybersecurity. We lack clear understanding of roles and responsibilities, both within government and between government and the private sector. We lack clear metrics to measure our progress.”
Various Solarium recommendations have been folded into the fiscal 2021 National Defense Authorization Act bills being considered this week in both the House and Senate, and others will be offered as floor amendments.
Solarium Commission co-chairs Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI) testified at the hearing along with commissioners Suzanne Spaulding, who is a former senior cyber official at DHS, and Samantha Ravich, who chairs the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.
Langevin asked King about how the creation of a National Cyber Director could help the U.S. respond to efforts by Russian intelligence revealed last week to hack COVID-19 vaccine development research.
“The key is to have someone in charge overall,” King said. “We’ve got responsibility for cyber scattered across the government in a variety of different agencies and a variety of different authorities, funding levels, but there’s no central coordinating function. There’s no person with the authority of the White House to settle turf wars, to oversee budgets and forge cooperation through the various agencies involved.”
Rep. Sheila Jackson Lee (D-TX) also expressed her concerns on the attempted IP theft, calling vaccine research “life or death for many Americans.”
In his opening statement, Homeland Security subcommittee ranking member John Katko (R-NY) said he supports many of the recommendations in the Solarium report and outlined his legislation to strengthen the Cybersecurity and Infrastructure Security Agency’s authority.
“I introduced this recommendation as a bill, which requires CISA to assess what additional resources are necessary to fulfill its mission,” Katko said.” This assessment should examine CISA’s workforce composition and future demands and report to Congress on the findings.”
Katko continued, “Under the bill, CISA would also evaluate its current facilities and future needs including accommodating integration of personnel, critical infrastructure partners, and other department and agency personnel and make recommendations to GSA. GSA must evaluate CISA’s recommendations and report to Congress within 30 days on how best to accommodate CISA’s mission and goals with commensurate facilities. The facilities evaluation dovetails with the Commission’s recommendation for an integrated cyber center within CISA.”
Katko also highlighted his legislative proposals to set a five-year term for the director of CISA and to allow CISA to conduct continuous threat hunting across the .gov domain.
House Homeland Security Chairman Bennie Thompson (D-MS) agreed with Katko on the need to strengthen CISA. “Right-sizing CISA’s budget and equipping it with the authorities necessary to carry out its mission to secure Federal networks, while also supporting critical infrastructure, has been a bipartisan priority of Committee Members,” Thompson said at the hearing.
Thompson also expressed support for Langevin’s National Cyber Director legislation and his efforts to get the bill into the House version of the fiscal 2021 National Defense Authorization Act.
“Although there are many well-intentioned, capable people working hard to advance sound cybersecurity policy throughout the executive branch, the lack of consistent leadership from the White House has stunted progress,” Thompson said. “Over two years ago, for example, the White House green-lighted the elimination of its Cyber Security Coordinator. The result is a lack of effective coordination among Federal agencies who compete for cybersecurity authorities, responsibilities, and associated budgets -- and Federal agencies approaching Congress with conflicting priorities. The time has come for that to stop.” -- Sara Friedman (sfriedman@iwpnews.com)