Administration renews call for cyber legislation
Officials at DHS, the prime civilian agency in charge of cybersecurity, are reminding lawmakers that the clock is ticking on the 113th Congress.
With Congress back in session this week, top officials at the Department of Homeland Security have renewed their calls for lawmakers to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks.
In a Sept. 9 op-ed in The Hill newspaper, DHS Secretary Jeh Johnson said there is only so much his agency can do to carry out its cybersecurity mission without firmer legal authorization. "Within the federal government, existing statutory authorities are unclear, and worse, do not adequately reflect the department's role and responsibility for protecting the .gov network," he wrote.
DHS’s statutory authorities are limited in the sense that the department relies on the Homeland Security Act of 2002 for its legal mandate to deal with cybersecurity, according to Larry Zelvin, who stepped down last month as head of DHS’s National Cybersecurity and Communications Integration Center, a 24/7 hub for monitoring cyber threats.
The House passed three measures July 28 designed to boost information sharing, advance cyber technologies and improve the DHS cybersecurity workforce. One of those bills, sponsored by Homeland Security Committee Chairman Michael McCaul (R-Texas) would give DHS some of the codified authority it is looking for by strengthening NCCIC.
The Senate has been slower to act, but Johnson said he is convinced that Congress can rally around "areas of strong consensus" to pass cybersecurity legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent.
A day after Johnson’s op-ed was published, Suzanne Spaulding, DHS undersecretary for the National Protection and Programs Directorate, hammered the point home in testimony before the Senate Homeland Security and Government Affairs Committee.
"While both the cybersecurity threat and the nation’s dependence on cyber infrastructure has grown exponentially, the legal framework, particularly regarding the articulation of the department’s authorities, has not kept pace," Spaulding said, adding that "legislative action is vital."
Some lawmakers have expressed a sense of urgency to act before the end of the 113th Congress.
"If we don't do it between now and the end of year, and it's thrown over to the next Congress, the House is going to have a new influx of members, the Senate’s going to have a new influx of members," Georgia Republican Saxby Chambliss, the retiring vice chairman of the Senate Intelligence Committee, said in June. "The balance of power may change, and you’re looking at a year from now and I’m betting you nothing would be done."
He was specifically referring to an information-sharing bill he co-sponsored with Sen. Dianne Feinstein (D-Calif.), which the Intelligence panel approved in July.