Congressional Cybersecurity Leaders Introduce Bipartisan Legislation to Establish a National Cyber Director

Jun 25, 2020 Issues: Cybersecurity

WASHINGTON – Cyberspace Solarium Commissioner Congressman Jim Langevin (D-RI), Solarium co-chair Congressman Mike Gallagher (R-WI), House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-NY), Ranking Member of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure and Innovation John Katko (R-NY), former Ranking Member of the House Intelligence Committee C. A. Dutch Ruppersberger (D-MD), and Ranking Member of the House Intelligence Committee’s Subcommittee on Intelligence Modernization and Readiness Will Hurd (R-TX), have introduced The National Cyber Director Act to create the position of a National Cyber Director within the White House. The Director would serve as the President’s principal advisor on cybersecurity and associated emerging technology issues and function as the lead national-level coordinator for cyber strategy and policy.

The creation of a National Cyber Director is a major recommendation of the Solarium Commission, a Congressionally-chartered group that includes members of Congress and the Administration, as well as private sector leaders. Pillar One of the Commission’s report, which was released in March, involves reforming the government, and creating a strong director in the White House is a “key recommendation.” In the George W. Bush Administration, Howard Schmidt and Richard Clarke served as “special” cybersecurity advisers to the President. In December 2009, President Obama created the position of White House Cybersecurity Coordinator and appointed Schmidt to it. Michael Daniel also held the position under Obama, and Rob Joyce served as Cybersecurity Coordinator under President Trump. The position was eliminated in 2018 by then National Security Adviser John Bolton. The National Cyber Director would fulfill a similar policy role to the Cybersecurity Coordinator, but the position would be backed with additional statutory authority to review cybersecurity budgets and coordinate national incident response.

“After more than a decade studying this issue, I can say with great certainty: cybersecurity policy is complicated,” said Langevin, who has co-chaired the Congressional Cybersecurity Caucus since its founding in 2008. “In the Information Age, everyone relies on computers whether it’s individuals doing their banking, hospitals keeping track of patient records, companies conducting commerce, or service members protecting our national security. By the same token, everyone is vulnerable, and the defense of our country is diffused across more actors than at any point in our nation’s history. Only within the White House can we cohesively develop and implement a truly whole-of-nation cyber strategy that is commensurate with the threats we face. By establishing a National Cyber Director with the policy and budgetary authority to reach across government, we can better address cybersecurity vulnerabilities and gaps holistically and prevent catastrophic cyber incidents.”

"The Coronavirus has elevated the importance of cyber infrastructure and demonstrated how incredibly disruptive a major cyberattack could be," said Cyberspace Solarium Co-Chair Gallagher. "But while we are woefully unprepared for a cyber calamity, there is still time to right the ship. As the Cyberspace Solarium Commission recommends, a critical first step in doing so is through the creation of a National Cyber Director who would not only coordinate a whole-of-nation response to an attack, but work to prevent it in the first place. We need this strategic leadership yesterday, and I hope my colleagues realize we no longer have time to waste in strengthening our cyber resiliency.”

The National Cyber Director would be appointed by the President subject to Senate confirmation and would head an office within the Executive Office of the President. They would oversee and coordinate federal government incident response activities, collaborate with private sector entities, and attend and participate in meetings of the National Security Council and Homeland Security Council. The Director would develop and oversee implementation of a National Cyber Strategy to defend the nation’s interests and critical infrastructure against malicious cyber actors. They would also participate in the preparation for cybersecurity summits and other international meetings in which cybersecurity is a focus.

“Cyber warfare is egregious under normal circumstances, and even worse in a crisis,” said House Oversight and Reform Committee Chairwoman Maloney.  “The heightened cyber-attacks we’ve witnessed around the world in response to the coronavirus pandemic, including efforts to impede the U.S. response, demonstrate the urgent need for a National Cyber Director to ensure our nation’s cybersecurity strategy is streamlined, prioritized, and as effective as possible.”

“Cyberattacks threaten the security of individuals, businesses, schools, and governments alike,” said House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure and Innovation Ranking Member Katko. “As a nation, we must bolster our preparedness and response. For this reason, I am pleased to join Representatives Langevin, Gallagher, Maloney, Ruppersberger, and Hurd in introducing the National Cyber Director Act. Our bipartisan bill would establish the National Cyber Director position, a role that would serve as the President’s key advisor on matters related to cybersecurity. This position would be filled by a dedicated cyber expert, who would be empowered to lead national cyber strategy and policy. This is a significant step forward for improving our national security.”

“We have great leaders in cybersecurity throughout the federal government, but we need a cyber quarterback,” said former House Intelligence Committee Ranking Member Ruppersberger. “We need a central, coordinating authority figure in the White House to ensure we have a thoughtful federal cyber budget, to call the shots when we’re responding to an attack and to create better partnerships with our private-sector partners. There’s been broad, bipartisan support for this for years, and I urge my colleagues to support this legislation that will make us all safer.”

“Cybersecurity is of paramount importance for America’s overall national security and our economy,” said House Intelligence Committee’s Subcommittee on Intelligence Modernization and Readiness Ranking Member Hurd. “Creating a National Cyber Director will empower every Administration with a Senate-confirmed expert who will make cybersecurity their top priority across the federal government. This isn’t just about security at any given moment, it’s about always being prepared for and deterring attacks. The future of our economy is digital and relies on the security of our cyber infrastructure, as this pandemic has demonstrated, so this bill is a critical step forward.”

“Cybersecurity is a national security, military, intelligence, economic, diplomatic, law enforcement, business continuity, and internal management issue all at the same time,” said President and CEO of the Cyber Threat Alliance and former Cybersecurity Coordinator for President Obama Michael Daniel. “Since it crosses so many departmental jurisdictions, siloes, and missions, no single department or agency is or can be ‘in charge.’  Yet, the need for greater coordination, focus, and clarity on cybersecurity within the U.S. government is clear. So, while I am normally skeptical about creating new positions as a solution to policy problems, establishing a National Cyber Director within the Executive Office of the President is the right approach for this situation.”

“BSA | The Software Alliance commends Representatives Langevin, Gallagher, Maloney, Katko, Ruppersberger, and Hurd for advancing legislation to establish a National Cyber Director,” said Senior Director of Policy at BSA | The Software Alliance Tommy Ross. “Strong government cybersecurity leadership is vital to creating a digital ecosystem that users can trust, and the National Cyber Director will bring much-needed emphasis, coherence, and strategic thinking to cybersecurity policymaking. We look forward to the bill’s passage into law.” 

“Now more than ever, cybersecurity and cyber policy more broadly are critical priorities for governments and our industry,” said Senior Vice President of Policy and Senior Counsel at the Information Technology Industry Council John Miller. “We share common goals of improving cybersecurity, protecting the privacy of individuals’ data, and maintaining strong intellectual property protections. As the next wave of emerging technologies and digital innovations takes hold, cybersecurity issues will only continue to grow in breadth and prominence for the United States and around the globe, and often call for different agencies to work in coordination with each other and the private sector on the policy, economic and security dimensions of these issues. Central and strong strategic leadership from a National Cyber Director will better enable the United States to address these complex opportunities and threats.”

"Cybersecurity is critical to both our national security and economic health,” said President and CEO of TechNet Linda Moore. “A National Cyber Director will ensure that responsibility rests with one person who can streamline policy and procedures to protect government functions, critical infrastructure, and the private sector. As we have learned during the pandemic, technology is more important than ever in providing essential goods and services to consumers, keeping our businesses and schools operating, and maintaining our healthcare system, but that technology must be secure. TechNet is proud to support this bill. We and our members look forward to working with the National Cyber Director to advance our nation's cybersecurity goals."

“As resources for cybersecurity remain scarce, it is imperative that we understand whether programs are providing adequate value,” said Internet Security Alliance President and CEO Larry Clinton. “Assessing the cost-effectiveness of federal department and agency cybersecurity programs will ultimately enhance security. We applaud that this bill would give the Cyber Director the mandate to review federal cybersecurity initiatives for their cost-effectiveness and help us better utilize our limited cybersecurity resources.”

“Cybersecurity leadership is needed now more than ever,” said Cybersecurity Coalition Coordinator Ari Schwartz. “To make real progress, the coordination that a Cybersecurity Director in the White House would bring is a necessary starting point.”

In their report, the Solarium Commissioners wrote: “The executive branch should be restructured and streamlined in order that clear responsibilities and authorities over cyberspace can be established while it is empowered to proactively develop, implement, and execute its strategy for cyberspace…. More consolidated accountability for harmonizing the executive branch’s policies, budgets, and responsibilities in cyberspace while it implements strategic guidance from the President and Congress is needed to achieve coherence in the planning, resourcing, and employing of government cyber resources.” The Commissioners reiterated the need for coordination out of the White House in their recently published pandemic white paper, which highlighted the parallels between the COVID-19 public health emergency and a potential cyber incident.

Langevin first introduced legislation creating a White House cyber director position in 2010. That legislation was based on a recommendation from the report of the Center for Strategic and International Studies Commission on Cybersecurity for the 44th Presidency. That report concluded: “[W]e recommend that the White House, rather than any single agency, lead the new strategic and coordination functions required for cybersecurity” and that “[O]nly the White House has the necessary authority and oversight for cybersecurity.”

Full text of the bill.

Excerpt from the Solarium Commission’s Report regarding the National Cyber Director.