Langevin Statement on Trump’s Cybersecurity Executive Order

May 11, 2017 Issues: Cybersecurity

Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus and a senior member of the House Committees on Armed Services and Homeland Security, issued the following statement on President Trump’s Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:”

“As noted by intelligence leaders in testimony this morning, cybersecurity is a principal national security challenge facing our nation, and I commend Homeland Security Advisor Tom Bossert and his team for developing this Executive Order (EO), which provides an outline for cybersecurity activities under the Trump Administration. In my time working on cybersecurity in Congress, it has always been a bipartisan issue, and I hope the Administration will work closely with Congress to implement the measures laid out in the document.

“With respect to protecting federal networks, the EO continues the path set forward under the Obama Administration toward further centralization of cybersecurity. Relying on agencies to adequately protect their assets in this new domain has proven unsustainable, as evidenced by the 2015 breach of the Office of Personnel Management, and strengthening the review process by the Department of Homeland Security and the Office of Management and Budget should help agencies better understand the risks they face and the resources available to them. However, I continue to believe that an independent official with policy and budgetary authority, as laid out in my Executive Cyberspace Coordination Act, is the best way to consolidate this responsibility. Nonetheless, the policy reviews and the efforts at IT modernization should build upon the prior Administration’s efforts to secure federal networks.

“Critical infrastructure protection is one of the foremost challenges in cybersecurity, and the EO provides for important actions to improve coordination with private sector owners and operators. I hope that sector specific agencies use the opportunity afforded by the EO to review their engagement with critical infrastructure providers, particularly the “section 9 entities” identified by the Obama Administration, and provide enhanced guidance, where appropriate. I am particularly interested in efforts to promote market transparency in cybersecurity practices. I have written repeatedly to the Securities and Exchange Commission asking them to strengthen shareholder protections in this regard, and I believe increased disclosure will help drive needed investments in and attention to cybersecurity.

“In general, the policies laid out in the EO, including in Section 3, “Cybersecurity for the Nation,” reflect a continuation of the Obama Administration’s approach. Strengthening international cooperation, building a stronger cybersecurity workforce, and promoting a free and open Internet are vital to protecting our national security. While I strongly supported most of President Obama’s cybersecurity policy, I do not believe some in his Administration paid sufficient attention to the issue prior to the OPM hack. I hope that President Trump and his team do not make the mistake of leaving cybersecurity as an afterthought until a major incident. However, I remain deeply concerned by the President’s lack of urgency in appointing officials to fill critical cybersecurity roles, including at the Departments of Defense and Homeland Security. The EO contains important guidelines for improving our cybersecurity posture, but without personnel to implement it, I am afraid our nation will continue to be at risk.”