Streamlining congressional oversight of cybersecurity policy, creating a high-level “cyber director” role at the White House and -- of course -- closer scrutiny of Trump administration cyber efforts will top the priority list if Democrats take the House in November, according to one key Democratic lawmaker.
“We haven't moved the ball enough on [cyber] oversight,” Rep. James Langevin (D-RI) told Inside Cybersecurity. “It needs to happen faster and more comprehensively.”
Langevin is the co-founder of the bipartisan Congressional Cybersecurity Caucus and a senior member of the Armed Services and Homeland Security committees.
About this feature:
'The Editor Reports' is a new feature from Inside Cybersecurity intended to identify themes emerging from our news coverage and pose questions about the direction of evolving cybersecurity policies. Email comments to firstname.lastname@example.org.
He is in line to chair Armed Services' cyber-focused emerging threats subcommittee if the Democrats get the net 24-seat pickup they need on Election Day to secure a House majority. Nonpartisan analyses and the latest polling aggregations show the Democrats poised to make the necessary gains.
But within the House's current committee structure, Langevin said, “oversight of cybersecurity is too stove-piped -- the jurisdictional issue is a problem and we need to streamline.”
What's the problem? “Jurisdiction, jurisdiction, jurisdiction,” Langevin said. “It's a major roadblock to legislation and oversight.”
With eighty-plus committees and subcommittees exercising authority over myriad cyber issues, “we need more agility in oversight,” Langevin said. “That takes strong leadership at the speaker and minority leader level. I hope we're in the majority and can streamline oversight. That will be one of my top priorities.”
Otherwise, the ninth-term lawmaker said, “the only thing that moves the needle on cyber is a crisis.”
On other issues, Langevin cited the upcoming one-year anniversary of the Equifax hack in calling for action on data security and breach notice legislation, such as the bill he has introduced that would require notification to consumers within 30 days of detecting a breach and give the Federal Trade Commission statutory authority for “coordinating responses” to cyber attacks.
“There hasn't been enough done to prevent future Equifaxes from happening or to notify consumers” of breaches, he said.
Langevin said that he will also push for a “Senate-confirmed cyber director role with budget authority, at the White House.”
“There needs to be one person who is responsible and accountable for what the policy is and what the metrics are for success."
Such a position would have significantly more authority than the White House cyber coordinator role that President Trump eliminated earlier this year -- and that was a creation of the Obama administration that lacked statutory authority.
Langevin likened the position he envisions -- and has detailed in legislation introduced in the past two Congresses -- to the Director of National Intelligence or the Director of National Drug Control Policy.
Langevin also discussed the new National Risk Management Center that the Department of Homeland Security has launched, calling it “a positive step forward” and saying he is “looking forward to hearing from them.”
“We need to make sure they have the tools they need and that the [National Cybersecurity and Communications Integration Center] is more operational in real time. But the risk management center could have real value,” he said.
Still, Langevin said, “we need to get better at assuring interagency coordination. The primacy of DHS is important, which is why enactment of NPPD reorganization is essential.”
Bipartisan legislation has cleared the House that would transform NPPD into a cybersecurity agency, but it remains stalled in the Senate, a source of bipartisan frustration among House members.
“Organizing and making clear the mission of NPPD is important, but we also need to know who is coordinating the whole-of-government strategy,” Langevin said, underscoring the need for a high-level policy director.
The lawmaker also expressed concerns that not enough has been done to secure state elections systems amid ongoing hostile action from Russia.
“We're going into the elections with just a Band-Aid,” he said. “Time is short now but I'm concerned about DHS having enough resources to deal with states an localities, and to protect other critical infrastructure.”
With concerns lingering about proper state and federal role son election security, he added: “I encourage states to reach out for assistance -- the federal government is never going to take over the electoral process.” -- Charlie Mitchell, editor, Inside Cybersecurity