Congressional cybersecurity leaders introduce legislation to establish a National Cyber Director

June 29, 2020

A bipartisan group of six House members introduced a bill to establish a National Cyber Director in the Executive Office of the President to coordinate cyber policy across the Federal government.

Three Democrats and three Republicans are sponsoring the National Cyber Director Act, which would create a Senate-confirmed director, and two deputy directors appointed by the president.

Sponsors of the bill include Congressman Jim Langevin (D-RI), Congressman Mike Gallagher (R-WI), House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-NY), Ranking Member of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure and Innovation John Katko (R-NY), former Ranking Member of the House Intelligence Committee C. A. Dutch Ruppersberger (D-MD), and Ranking Member of the House Intelligence Committee’s Subcommittee on Intelligence Modernization and Readiness Will Hurd (R-TX).

The creation of a National Cyber Director is a major recommendation of the Solarium Commission, a Congressionally-chartered group that includes members of Congress and the Administration, as well as private sector leaders. Pillar One of the Commission’s report, which was released in March, involves reforming the government, and creating a strong director in the White House is a “key recommendation.” In the George W. Bush Administration, Howard Schmidt and Richard Clarke served as “special” cybersecurity advisers to the President. In December 2009, President Obama created the position of White House Cybersecurity Coordinator and appointed Schmidt to it. Michael Daniel also held the position under Obama, and Rob Joyce served as Cybersecurity Coordinator under President Trump. The position was eliminated in 2018 by then National Security Adviser John Bolton. The National Cyber Director would fulfill a similar policy role to the Cybersecurity Coordinator, but the position would be backed with additional statutory authority to review cybersecurity budgets and coordinate national incident response.

"The Coronavirus has elevated the importance of cyber infrastructure and demonstrated how incredibly disruptive a major cyberattack could be," said Cyberspace Solarium Co-Chair Gallagher. "But while we are woefully unprepared for a cyber calamity, there is still time to right the ship. As the Cyberspace Solarium Commission recommends, a critical first step in doing so is through the creation of a National Cyber Director who would not only coordinate a whole-of-nation response to an attack, but work to prevent it in the first place. We need this strategic leadership yesterday, and I hope my colleagues realize we no longer have time to waste in strengthening our cyber resiliency.”

The National Cyber Director would be appointed by the President subject to Senate confirmation and would head an office within the Executive Office of the President. They would oversee and coordinate federal government incident response activities, collaborate with private sector entities, and attend and participate in meetings of the National Security Council and Homeland Security Council. The Director would develop and oversee implementation of a National Cyber Strategy to defend the nation’s interests and critical infrastructure against malicious cyber actors. They would also participate in the preparation for cybersecurity summits and other international meetings in which cybersecurity is a focus.

“Cyberattacks threaten the security of individuals, businesses, schools, and governments alike,” said House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure and Innovation Ranking Member Katko. “As a nation, we must bolster our preparedness and response. For this reason, I am pleased to join Representatives Langevin, Gallagher, Maloney, Ruppersberger, and Hurd in introducing the National Cyber Director Act. Our bipartisan bill would establish the National Cyber Director position, a role that would serve as the President’s key advisor on matters related to cybersecurity. This position would be filled by a dedicated cyber expert, who would be empowered to lead national cyber strategy and policy. This is a significant step forward for improving our national security.”

In their report, the Solarium Commissioners wrote: “The executive branch should be restructured and streamlined in order that clear responsibilities and authorities over cyberspace can be established while it is empowered to proactively develop, implement, and execute its strategy for cyberspace…. More consolidated accountability for harmonizing the executive branch’s policies, budgets, and responsibilities in cyberspace while it implements strategic guidance from the President and Congress is needed to achieve coherence in the planning, resourcing, and employing of government cyber resources.” The Commissioners reiterated the need for coordination out of the White House in their recently published pandemic white paper, which highlighted the parallels between the COVID-19 public health emergency and a potential cyber incident.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.