Rep. John Katko (R-N.Y.) last week introduced three bills to strengthen the Cybersecurity and Infrastructure Security Agency (CISA), measures drawn from the recommendations of the Cyberspace Solarium Commission.
Katko stated that his "comprehensive national cyber security improvement package…enhances national cyber security through the creation of a public-private workforce exchange program and empowers CISA by increasing stability in leadership positions and prioritizing the necessary funding and resources."
The Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020 (H.R. 7588) requires a comprehensive review of the Department of Homeland Security agency, including how more funding could help it support programs for national risk management, federal information systems management, and public-private cyber security and integration, and a review of workforce structure, current facilities and needs.
Last Friday, Katko said his top priority is "strengthening and clarifying CISA's authority and vastly increasing its funding to allow it to carry out its role as the nation's risk manager, coordinating the protection of critical infrastructure and federal agencies and departments from cyber threats."
During a virtual hearing of the House Homeland Security Committee's panel that focuses on cyber security, he said that "Under the bill, CISA would also evaluate its current facilities and future needs including accommodating integration of personnel, critical infrastructure partners, and other department and agency personnel and make recommendations to GSA. GSA must evaluate CISA's recommendations and report to Congress within 30 days on how best to accommodate CISA's mission and goals with commensurate facilities."
The GSA is the General Services Administration, a federal agency helps manage leasing and operations of government office space and buildings.
Katko also said the facilities evaluation fits with the Solarium Commission's recommendation for an integrated cyber center within CISA.
A second measure, the Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act (H.R. 7589), would establish a five-year term for the director of CISA with a two-term limit. Within DHS, only the administrator of the Transportation Security Administration has a defined term, which is five years. Katko said a five-year term would provide stable leadership to the agency.
The bill would also elevate the CISA director to the equivalent of an assistant secretary or military service secretary, he said on Friday. It would categorize the assistant directors as career public services to depoliticize their positions.
The two bills were introduced as amendments to the fiscal year 2021 National Defense Authorization Act (NDAA) in the House.
The third bill, the CISA Public-Private Talent Exchange Act (H.R. 7590), requires CISA to create a workforce exchange program between the government and industry. The Talent Exchange bill, which includes Rep. James Langevin (D-R.I.) as a co-sponsor, was withdrawn by Langevin as an amendment to the NDAA.
The Cyberspace Solarium Commission released its report in March with more than 80 recommendations. The commission says that despite the formal standup of CISA in late 2018, the agency's ability to coordinate with the private sector "is not widely understood or consistently recognized," it lacks the analytic capacity and resources to better help the nation reduce cyber risks, and still hasn't been able to centralize federal civilian responsibilities.