A bipartisan group of lawmakers on Thursday introduced legislation in the House that would establish a “national cybersecurity director” to lead government efforts on cybersecurity.
The National Cyber Director Act would establish the position within the White House, with the director meant to serve as the president’s key adviser on cybersecurity and other emerging technology issues.
The individual filling the position would be nominated by the president and then Senate-confirmed, and would be responsible for overseeing the creation and implementation of a national cybersecurity strategy to address security risks to the U.S. in cyberspace.
The position would take over many of the responsibilities of the White House cybersecurity coordinator, a position that was eliminated in 2018 by former national security adviser John BoltonJohn BoltonOvernight Defense & National Security — Milley becomes lightning rod Joint Chiefs Chairman Milley becomes lightning rod on right Ex-Trump adviser Bolton defends Milley: 'His patriotism is unquestioned' MORE following the departure of former cybersecurity coordinator Rob Joyce.
The creation of a national cyber director was one of the key recommendations made by the Cyberspace Solarium Commission (CSC) as part of its report rolled out in March on how to protect the nation from cybersecurity threats. The CSC was established by Congress and is made up of members of Congress, top federal officials and industry representatives.
Rep. Mike GallagherMichael (Mike) John GallagherHillicon Valley — Presented by Xerox — Tech groups take aim at Texas Republican lawmakers raise security, privacy concerns over Huawei cloud services Overnight Defense & National Security — Presented by AM General — Afghan evacuation still frustrates MORE (R-Wis.), the co-chairman of the CSC, and CSC member Rep. Jim LangevinJames (Jim) R. LangevinBipartisan House group introduces legislation to set term limit for key cyber leader House panel approves B boost for defense budget Democratic lawmakers urge DHS to let Afghans stay in US MORE (D-R.I.) are among the sponsors of the bill.
Langevin said in a statement that “complicated” cybersecurity policy necessitates a national leader on the issue.
“Only within the White House can we cohesively develop and implement a truly whole-of-nation cyber strategy that is commensurate with the threats we face,” Langevin said. “By establishing a National Cyber Director with the policy and budgetary authority to reach across government, we can better address cybersecurity vulnerabilities and gaps holistically and prevent catastrophic cyber incidents.”
Gallagher said separately that the COVID-19 pandemic had demonstrated the need to be prepared to face a debilitating cyberattack that could cause similar societal disruptions.
"The coronavirus has elevated the importance of cyber infrastructure and demonstrated how incredibly disruptive a major cyberattack could be," Gallagher said. "But while we are woefully unprepared for a cyber calamity, there is still time to right the ship."
Other sponsors include Rep. John KatkoJohn Michael KatkoThe Hill's Morning Report - Presented by Alibaba - Democrats argue price before policy amid scramble WHIP LIST: How House Democrats say they'll vote on infrastructure bill Emboldened Trump takes aim at GOP foes MORE (R-N.Y.), the ranking member on the House Homeland Security’s cybersecurity subcommittee, House Oversight and Reform Committee Chairwoman Carolyn MaloneyCarolyn MaloneyHillicon Valley — Presented by Xerox — EU calls out Russian hacking efforts aimed at member states House lawmakers ask Cyber Ninjas CEO to testify on Arizona audit House Oversight demands answers on CBP's treatment of Haitian migrants MORE (D-N.Y.), Rep. Will HurdWilliam Ballard HurdFirst Democrat jumps into key Texas House race to challenge Gonzales Will the real Lee Hamiltons and Olympia Snowes please stand up? The Hill's Morning Report - Presented by Facebook - Biden, Congress drawn into pipeline cyberattack, violence in Israel MORE (Texas), the top Republican on the House Intelligence Committee’s subcommittee on intelligence modernization and readiness, and Rep. Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerHouse lawmakers roll out bill to invest 0 million in state and local cybersecurity House approves cyber funds in relief package as officials press for more Maryland lawmakers ask Biden to honor Capital Gazette shooting victims with Presidential Medal of Freedom MORE (D-Md.).
“At the national level, we need a coordinated approach to cybersecurity that ensures individuals, businesses, schools, hospitals, and governments are protected against cyberattacks,” Katko said in a statement, adding that a national cyber director would be a boost for national security.
Maloney noted that “the heightened cyber-attacks we’ve witnessed around the world in response to the coronavirus pandemic, including efforts to impede the U.S. response, demonstrate the urgent need for a National Cyber Director to ensure our nation’s cybersecurity strategy is streamlined, prioritized, and as effective as possible.”
Former White House cybersecurity coordinator Michael Daniel, who served under former President Obama, backed the bill on Thursday.
“The need for greater coordination, focus, and clarity on cybersecurity within the U.S. government is clear,” Daniel said in a statement. “So, while I am normally skeptical about creating new positions as a solution to policy problems, establishing a National Cyber Director within the Executive Office of the President is the right approach for this situation.”
While the bill was only introduced in the House on Thursday, Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonBiden sidesteps GOP on judicial vacancies, for now The Hill's Morning Report - Presented by Alibaba - Democrats argue price before policy amid scramble Liberal group launches campaign urging Republicans to support Biden's agenda MORE (R-Wis.) expressed support last month for including a clause in this year's National Defense Authorization Act (NDAA) to establish a national cybersecurity director.
The Senate Armed Services Committee’s version of the NDAA did not include this clause, but did include a requirement to carry out an assessment of the “feasibility” of creating the position.