Portman Optimistic His Bipartisan Cyber Work Will ‘Carry On’ After Retirement

Sen. Rob Portman (R-OH) departs from the Senate Republicans' daily luncheon at the U.S. Capitol Building on May 05, 2022 in Washington, DC.

Sen. Rob Portman (R-OH) departs from the Senate Republicans' daily luncheon at the U.S. Capitol Building on May 05, 2022 in Washington, DC. Photo by Anna Moneymaker/Getty Images

The tech advocate noted agencies still need good cyber hygiene and anticipates AI to be at the top of the Congressional tech policy agenda. 

Nearing his pending retirement Jan. 3, Sen. Rob Portman, R-Ohio, has spent the final years of his congressional career spearheading bipartisan efforts on technological legislation. As he prepares to depart public service, Portman told Nextgov he is optimistic about broadly unanimous legislative support behind emerging cybersecurity technologies.

“In my time in the Senate, I’ve found that cyber policymaking isn’t a partisan issue,” he said. “We have a good bipartisan caucus of cyber-focused legislators who I’m sure will carry on in the same fashion in my absence.”

Portman said that implementing robust cybersecurity protocols at federal agencies will require a pivot from compliance-based security practices to more risk-based practices.

“Under current law, federal cybersecurity is a check-the-box approach rather than risk-based,” he said in an email interview. “Agencies also need to make significant steps toward implementing zero trust architecture, which we haven’t seen enough progress on. Network defenders should assume that the adversary will get in the network and shift from perimeter security to endpoint security and limit the adversary’s ability to increase access through network segmentation and strong multi-factor authentication.”

He added that other steps to construct more secure federal network systems and cyber hygiene practices include updating the Federal Information Security Modernization Act and improving visibility into both government enterprise networks and networks used by contractors and vendors. This includes creating a culture of strong password and authentication measures, vulnerability management and modernization. 

Given the significant cybersecurity funding in several pieces of passed legislation, such as the Cyber Incident Reporting for Critical Infrastructure Act and Strengthening American Cybersecurity Act, Portman noted that Congress still needs to ensure agencies are operating by best cybersecurity practices and delegating positions for internal cybersecurity operations.  

“If we aren’t fixing these basic problems, there isn’t much point in buying the latest and greatest new cyber defense gadget,” Portman said. 

Beyond cybersecurity issues, Portman said that artificial intelligence will be another key item on the 2023 legislative docket. The outgoing senator, having cofounded the Senate AI Caucus and facilitated the passage of 15 bills to regulate AI technologies used in government, anticipates Congress will see more AI-related legislation introduced. 

“Given all the work we have done to date, I expect the AI Caucus to continue to actively propose and enact new ideas,” he said. “If Congress is able to devote time and energy to considering federal privacy legislation next year, I expect a privacy bill will end up being a vehicle to consider plenty of AI and emerging tech issues as well.”

“Artificial intelligence will be transformational and so we need to work now to harness the benefits and mitigate the downsides,” he said. 

Portman’s retirement at the end of the 117th Congress after choosing not to run for a third term marks the end of his 12 years in the Senate, following eight years as a representative in the House and two years serving as an official under the Bush administration.