Senator Pushes to Require National Cyber Director in Defense Authorization Bill

The head of the Senate Homeland Security and Governmental Affairs Committee wants to require a Senate-confirmed national cyber director in the coming annual defense authorization bill.

“The first recommendation I want to talk about which we’re working hard to get hopefully included in the defense authorization act so it can become law, is the need to put somebody in charge, a national cyber director,” Chairman Ron Johnson, R-Wis., said.

Johnson was referring to recommendations of the National Cyberspace Solarium Commission, members of which testified Wednesday during a committee hearing.

Johnson also pushed and heard support for legislation he’s proposed with Sen. Maggie Hassan, D-N.H., which would give the Cybersecurity and Infrastructure Security Agency subpoena power over internet service providers, to be included in the NDAA. 

Rep. Mike Gallagher, R-Wis., a co-chair of the commission, explained how a new cyber director’s office would differ from CISA.

“CISA is always primarily going to have that mission of defending critical infrastructure, the .gov space, in a similar way in which [the National Security Agency] and [U.S. Cyber Command] defend the .mil space,” he told the committee. “The national cyber director would have a more coordinating function that is making sure that CISA, in performing that mission is also working well with NSA, with Cybercom, and all the other federal agencies that play in the cyber space.”

The would-be cyber director’s office would be able to coordinate across missions and do long term planning as CISA fights on a day-to-day basis to protect civilian agencies, he said.

Solarium commission member Suzanne Spaulding, who previously led the Department of Homeland Security Office that became CISA and served as general counsel to the Central Intelligence Agency, added the director would be able to bring together offensive and defensive planning. Such a director also could incorporate authorities of the intelligence services and the military into a broader effort to protect the U.S. from cyber threats. 

The idea of a national cyber coordinator is not new. Former National Security Advisor John Bolton eliminated a similar post in May 2018, saying it amounted to unnecessary bureaucracy within the National Security Council.  

Gallagher said the commission’s recommendation is for the cyber director’s office to be modeled off that of the U.S. Trade Representative “because it’s interdisciplinary, it’s functionally oriented, and it’s institutionalized with Senate-confirmed leadership and situated within the executive office of the president.”

Johnson said he signed onto a letter with Sen. Mike Rounds, R-S.D., chairman of the Senate Armed Services’ subcommittee on cybersecurity, asking Sen. Angus King, I-Maine, to lay out more of such details on what the cyber director’s position would look like so it can be included in the NDAA.  

King, Solarium Commission co-chair, accepted the mission, saying there is a need for structure to enable accountability.

“I always liked to have one throat to choke,” he said, referring back to his days spent in the business community, “and that’s the national cyber director.”