Lawmakers push cyber updates in Senate defense bill
Amendments filed to the Senate version of the National Defense Authorization Act by Sen. Angus King (I-Maine) and others would implement more than a dozen recommendations from the Solarium Commission report.
Proposals from the Cyberspace Solarium Commission report have been introduced in the Senate this week as part of the National Defense Authorization process.
The amendments filed by Sens. Angus King (I-Maine) and others include more than a dozen provisions drawn from the report.
These include proposals to set up an information sharing environment and forensic malware repository between the Cybersecurity and Infrastructure Security Agency and the National Security Agency and establish a new Bureau of Cyber Statistics at the Department of Commerce and a new Bureau of Cyberspace Security and Emerging Technology at the State Department as well as a strategy to secure foundational internet protocols and email and mandate security certification and labeling for information and communication technology products.
Other proposed changes pulled from the report include amendments to limit the CISA director to a five-year term and create biennial tabletop cybersecurity exercises along with a resolution supporting the creation of a new select committee in the Senate to focus on cybersecurity.
That last provision could further what has been a longtime goal for some in Congress, who complain that jurisdiction over cybersecurity policy is hopelessly spread over dozens of committees, making it harder to move even uncontroversial legislation. Any actual change would likely need to come from Senate and House leadership.
Nick Leiserson, legislative director for another Solarium commissioner, Rep. Jim Langevin (D-R.I.), speaking at a National Institute of Standards and Technology meeting, said this Congress only tends to restructure its committees after a major disaster occurs, as it did in 2002 when it created Homeland Security Committees following the Sept. 11 terrorist attacks and 1976 when it formed new Select Committees on Intelligence following Watergate.
"I think [Langevin] views it as it's inevitable that it will happen after a crisis, and we would prefer to try and deal with it as much as possible left of boom," said Leiserson.
A standalone bill introduced in the House yesterday would implement what is perhaps the Solarium's most critical recommendation: creating a new Senate-confirmed cybersecurity director position at the White House.