A lofty but critical cybersecurity dream that must turn into reality
In the name of national security and our economic future, it is time for the House and Senate to establish dedicated cybersecurity committees. With the Solar Winds hack, digital battles with actors such as China and Russia, and reliance on the internet for our critical infrastructure, the government has to streamline cybersecurity authority and oversight for Congress. The broken structure of committees for cybersecurity hobbles our actions and leaves holes in our defenses. As lawmakers work to bolster the function of Congress, they should not leave cybersecurity issues behind.
In its current form, different committees wrangle for jurisdiction or block the passage of cybersecurity legislation. Instead of relying on experts on centralized authority, since many of them are loath to give up any power, the broken review process hinders our national security by preventing the passage of any major cybersecurity legislation. Each year Congress does not treat cybersecurity policy with the high intensity as health care or the economy, our enemies can find new vulnerabilities to abuse, intellectual property to steal, or innovate while our country falls behind.
Before we claim that no member of Congress would give up jurisdiction, consider that one of the most powerful cybersecurity chairmen from the House side, Representative Jim Langevin, offered to do simply that in the name of better cybersecurity. But he is not the only one on Capitol Hill to think this is smart policy. Indeed, the Cyberspace Solarium Commission recommended the creation of permanent cybersecurity committees to “consolidate budgetary and legislative jurisdiction over cybersecurity issues, as well as current traditional oversight authority.”
These new committees would be structured in a bipartisan manner and focus on the expertise of members. This structure is designed to foster bipartisan collaboration that is often necessary for lasting and durable cybersecurity policy. The committees would hold hearings, subpoena witnesses, consider critical legislation, and have oversight on national cybersecurity strategy development and implementation.
While the structure of committees is a wonky issue, it has real effects on national security. The dispersed nature of cybersecurity oversight likely contributed to the failures that led to the Solar Winds hack. If we want to be serious with fixing our cybersecurity issues, the structure of Congress must be on our collective priority lists. The largest technology companies like Microsoft have called on our leaders to take more action with a global cybersecurity response to threats. Now is the time for this.
Reforming the structure of committees comes with significant benefits like better oversight. The intelligence community went through a similar structure shift in the 1970s when weak oversight by Congress was found to have contributed to abuses of power. We have also seen what happens if we do not focus on cybersecurity and coordinate its oversight. We know the harm that can come to even the best protected places like Merck and the National Nuclear Security Administration when critical cybersecurity budgets and practices are not reviewed on time in Congress.
The new committees in the House and Senate could enhance our national cybersecurity strategy, which is the fundamental building block on which all other efforts in this area must rest. If committees review only their own jurisdictional efforts on cybersecurity, we will continue to have disparate and disjointed progress. Congress also needs staffers who are trained to establish our national cybersecurity strategy. The creation of permanent committees on cybersecurity is the only way to achieve success. While it is difficult to change the rules in Congress, a bipartisan discussion about how to make things work needs top include cybersecurity.
Tatyana Bolton is the managing senior fellow for the cybersecurity and emerging threats team with the R Street Institute based in Washington.