Rep. John Katko unveils national cybersecurity improvement package

July 16, 2020

U.S. Rep. John Katko, Ranking Member of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, unveiled a national cybersecurity improvement package. The legislation includes the Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act, Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020, and the CISA Public-Private Talent Exchange Act.

The measures introduced are key recommendations from the Cyberspace Solarium Commission’s inaugural report this year. The Cyberspace Solarium Commission is a Congressionally-chartered Commission tasked with developing and recommending a comprehensive national strategy for improving American cybersecurity. Working closely with members on the Commission, including U.S. Reps. Jim Langevin (D, RI-2) and Mike Gallagher (R, WI-8), Rep. Katko has worked across party lines to make the Commission’s commonsense recommendations legislative realities. After the Commission recommended establishing a more coordinated national cyber strategy, last month he introduced The National Cyber Direct Act, bipartisan legislation that would create the position of National Cyber Director within the White House.

Specifically, Rep. Katko introduced:

The Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act: This bipartisan measure takes steps to improve guidance and long-term strategic planning by stabilizing the CISA Director and Assistant Directors positions. Specifically, the bill:

Creates a 5-year term for the CISA Director, with a limit of 2 terms. The term of office for the current Director begins on date the Director began to serve.
Elevates the Director to the equivalent of a Deputy Secretary and Military Service Secretaries.
Depoliticizes the Assistant Director positions, appointed by the Secretary of the Department of Homeland Security (DHS), categorizing them as career public servants.

The Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020: This measure mandates a comprehensive review of CISA in an effort to strengthen its operations, improve coordination, and increase oversight of the agency. Specifically, the bill:

Requires CISA to review how additional appropriations could be used to support programs for national risk management, federal information systems management, and public-private cybersecurity and integration. It also requires a review of workforce structure and current facilities and projected needs.
Mandates that CISA provides a report to the House and Senate Homeland Committees within 1-year of enactment. CISA must also provide a report and recommendations to GSA on facility needs.
Requires GSA to provide a review to the Administration and House and Senate Committees on CISA facilities needs within 30-days of Congressional report.

The CISA Public-Private Talent Exchange Act: This bill requires CISA to create a public-private workforce program to facilitate the exchange of ideas, strategies, and concepts between federal and private sector cybersecurity professionals. Specifically, the bill:

Establishes a public-private cyber exchange program allowing government and industry professionals to work in one another’s field.
Expands existing private outreach and partnership efforts.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.