Congress backs push for national cyber czar
Bipartisan calls to put in place a national cybersecurity director in the White House are gaining steam on Capitol Hill two years after a similar position was eliminated.
The support comes after months of increasing cyberattacks against everything from hospitals to research groups to federal agencies during the COVID-19 pandemic, and as lawmakers look to bolster federal cybersecurity as more Americans move online.
In the latest high-profile incident, several prominent Twitter accounts, including those of former Vice President Joe Biden and former President Obama, were compromised Wednesday in what appeared to be a bitcoin scam.
The push also comes ahead of the elections in November as the country continues to deal with the fallout from Russian meddling in 2016, which included hacking emails from Democratic nominee Hillary Clinton's campaign.
“A national cyber director would better protect the country in cyberspace, and we must make sure we are prepared for and can respond effectively to cybersecurity incidents of national consequence,” Rep. Jim Langevin (D-R.I.) told The Hill on Wednesday.
Langevin is among a group of bipartisan House members who introduced legislation last month to create a Senate-confirmed position of national cybersecurity director at the White House. The director would serve as the president’s advisor on cybersecurity and other emerging technology issues, and the official would work to coordinate cybersecurity issues between agencies.
The position of White House cybersecurity coordinator, previously held by Rob Joyce, was cut in 2018 by former national security adviser John Bolton in an effort to decrease bureaucracy after the position was first created under Obama.
The decision led to bipartisan pushback on Capitol Hill, with members of Congress expressing extreme concern over the lack of a central figure to coordinate federal cybersecurity priorities.
The push to reestablish the position comes as cybersecurity concerns have intensified. The 2019 Worldwide Threat Assessment compiled by former Director of National Intelligence Daniel Coats listed cybersecurity as the top global threat, noting that every U.S. foreign adversary would likely seek to undermine American policies through cyberattacks and influence operations.
Congress is considering reinstating the position with greater authority to ensure federal coordination in responding to a similarly disruptive nationwide cyberattack.
The House Oversight and Reform Committee held a hearing to evaluate the necessity of carving out a position of national cybersecurity director at the White House, with committee Chairwoman Carolyn Maloney (D-N.Y.) throwing her support behind the proposed bill.
“A challenge as complex and pervasive as cybersecurity requires that our government be strategic, organized and ready,” Maloney said during the hearing. “Democrats and Republicans agree we need a national cyber director to ensure we are fully prepared for, and coordinated in, our response to cyberattacks as our nation fights this silent war.”
The legislation was introduced after the position of a national cyber director was proposed in a report from the Cyberspace Solarium Commission published in March. The commission was established by Congress and is made up of members of Congress, federal officials and industry leaders, who are charged with submitting recommendations to defend the U.S. in cyberspace.
Langevin and Rep. Mike Gallagher (R-Wis.) are members of the Cyberspace Solarium Commission, with Gallagher serving as co-chair alongside Sen. Angus King (I-Maine).
Gallagher, who is a co-sponsor of the legislation to create a cyber director position, testified to the Oversight committee on Wednesday that the position would likely necessitate at least 75 new staffers and a budget of between $10 million and $15 million, which Gallagher noted was “consistent” with other Senate-confirmed offices in the executive branch.
Committee ranking member James Comer (Ky.) and other committee Republicans expressed support for the idea of the position, but were cautious about potentially creating more bureaucracy at the federal level.
“We cannot afford to introduce inefficiencies or bureaucratic hurdles to the government’s ability to respond to a national cybersecurity incident in real time,” Comer said. “I want to ensure that we are not fostering redundant efforts across the cybersecurity sector.”
But Gallagher and former Rep. Mike Rogers (R-Mich.), who served as House Intelligence Committee chairman, testified Wednesday that the need for a central figure at the White House to coordinate cybersecurity issues was of more importance.
“We in Congress must sufficiently enable the federal government to create a sufficient cybersecurity plan,” Gallagher said. “When we fight, we will fight with all elements as one single, concentrated effort.”
Rogers said he had initially been opposed to the idea, but was forced to “eat crow” as he came around to supporting the measure, pointing to the need to coordinate cyber operations between the various agencies such as the Department of Homeland Security and the National Security Agency.
“There is not one person, no organization set over top of it that says ‘I am going to be either the cavalry to help you in your deficiencies or I’m going to help you find out what’s wrong and how we fix it in a short order,’ ” Rogers said. “Nothing is steering that, so yes, we’re going to need help or the fact is we are going to have incidents.”
Langevin told The Hill that he would seek to attach the bill as an amendment to the annual National Defense Authorization Act (NDAA), which the House is set to debate next week.
While the bill has not been proposed in the Senate, Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) has expressed support for the idea. Langevin noted that more support may emerge from a Senate Armed Services Committee hearing on the Cyberspace Solarium Commission set to take place in upcoming weeks.
But the legislation may face pushback from the White House. Langevin said that while he and other sponsors were “reaching out” to the Trump administration for feedback, there had been no response.
The bill does have support from Michael Daniel, who served as White House cybersecurity coordinator for five years during the Obama administration.
“The government’s capabilities must catch up to and keep pace with society’s growing digital dependence,” Daniel, who currently serves as president and CEO of the Cyber Threat Alliance, testified to the committee Tuesday. “We do not have the luxury of waiting another 10 or 15 years for the issue to mature.”
The private sector has also voiced support establishing the role within the White House.
The U.S. Chamber of Commerce sent a letter to Congress on Tuesday describing the position as a way to “send a signal to the public, including U.S. allies, that the White House prioritizes cybersecurity in the attention of the National Security Council and the president.”
“Congress’ leadership is crucial as the business community collaborates with policymakers to strengthen the cybersecurity of American businesses and governmental bodies against malicious actors,” the Chamber wrote.
Amit Yoran, chairman and CEO of software group Tenable, told The Hill on Wednesday that cybersecurity was “one of the most important issues of our time,” expressing concern that there was no central coordinating official.
“This is a national security issue, but it’s also an economic security issue, and it’s a social issue, and it’s a privacy issue,” Yoran said. “Not having a focal point at the White House ... is nonsensical to me.”