Cybersecurity legislation won’t get anywhere if too many groups are weighing in, said Rep. Jim Langevin.
Unless Congress consolidates authority over cyber issues, it won’t be able to move fast enough to respond to the latest digital threats, according to one of Capitol Hill’s top cyber advocates.
Rep. Jim Langevin, D-R.I., on Tuesday argued the current congressional committee structure hinders lawmakers’ ability to bolster the country’s cyber posture. Because some 80 groups claim some jurisdiction over cybersecurity, he said, it can take cyber legislation a disproportionately long time to get put to a vote.
With online threats evolving every day, measures to fight back shouldn’t get gummed up in referrals and reviews, he said.
“We as a Congress are going to have to move with greater agility to respond to the cybersecurity threats we face going forward, and we can’t do it under the current construct,” Langevin said at the 2019 State of the Net conference.
Despite Congress directing more attention to cyber issues in recent years, lawmakers have been slow to pass concrete measures to strengthen the country’s digital defenses. With so many groups weighing in, bills can take years to pass if they’re not first mired in the markup process.
Langevin said congressional leaders in the past have designated specific committees to take the lead on major policy issues, like health care reform. He said he already urged Speaker Nancy Pelosi to do the same for cybersecurity.
“You want to limit [legislation] to a few different committees and put a time frame on how long they have to mark it up—speak now or forever hold your peace,” he told Nextgov. “That would motivate a lot of committees to step up their game and allow legislation to move forward.”
Langevin, who chairs the House Armed Services subcommittee on Emerging Threats and Capabilities, said he would like to see the House Homeland Security Committee take the reins on cyber legislation. His proposal mirrors the sentiments of Sen. Ron Johnson, R-Wis., who last year called to consolidate oversight of the Homeland Security Department, which oversees most of the government’s cyber efforts.
During the speech, Langevin also announced plans to reintroduce a bill that would give companies 30 days to disclose any breach of consumer data. Data breach notification requirements are currently set by states, which creates a “problematic” patchwork of regulations for nationwide companies to follow, he said.
Though the bill dates back to the Obama administration, it’s been held up by disputes over what sectors must comply with the measure. The current legislation exempts only the healthcare industry, but some lawmakers argue the financial services sector should also be excused from notification requirements.