Congressman Plans to Propose Cyber Director Amendment to NDAA

The push to create a post within the White House with budgetary and policy authority to coordinate cybersecurity across the government is alive and well. Rep. Jim Langevin, D-R.I., expects to offer additional amendments to the National Defense Authorization Act when it comes to the floor Monday.

“We're hoping that we'll be voting on it next week,” Langevin said. “The NDAA is going to be on the floor next Monday, Tuesday, I hope to be able to offer the amendment there. I just don't know whether it will be part of a manager's amendment or whether it will be a standalone amendment. Those are things that we're working on right now.”

Langevin is chairman of the House Armed Services Committee’s panel on intelligence and emerging threats and capabilities. He is also co-chair of the Congressional Cybersecurity Caucus and Speaker Nancy Pelosi’s appointee to the Cyberspace Solarium Commission. 

He shared his plans for the NDAA, thoughts on recommendations from the Solarium Commission, and a larger vision for U.S. cyber policy in an interview with Nextgov.   

Establishing a national cyber director is the top recommendation of the bipartisan, public-private Solarium Commission. Langevin introduced the National Cyber Director Act after the Senate’s NDAA cleared committee without language calling for the position.  

“I hope we'll have success getting that bill through the whole NDAA process,” Langevin said. “I'm doing my part on the House side for next week and hopefully we'll be able to offer that as an amendment and hopefully it gets accepted.”

Langevin will be among members of the commission testifying before the House Oversight Committee Wednesday where he hopes to answer questions about his legislation and secure an understanding of its importance. 

Langevin also plans to support two other cyber amendments to the NDAA once it’s on the floor. 

He’ll propose a continuity of the economy amendment that would prioritize essential services in getting the economy back up and running in the event of a cyberattack and incentivize states and municipalities to move to the cloud as they modernize their information technology. And Langevin will back an amendment from Rep. Cedric Richmond, D-La., chairman of the House Homeland Security Committee’s subcommittee on cybersecurity, infrastructure protection and innovation, to create a joint cyber planning office at the Cybersecurity and Infrastructure Security Agency. 

“You don't want to just be responding on the day an attack happens,” Langevin said, "You want that playbook exercised and worked out ahead of time."

A joint cyber planning office at CISA has also been proposed as an amendment to the Senate’s NDAA.

To the NDAA and Beyond 

Langevin has already successfully attached a number of amendments to the House NDAA during its committee markup. 

Among those, he highlighted two that would give CISA more power and resources and clarify the agency is in charge when it comes to coordinated cyber defense. 

“Right now sometimes it's kind of unclear whether it's FBI or U.S Cyber Command, or other areas of government,” Langevin said referring to efforts to establish an integrated cyber center. “This will make it clear when there's an operation going on that CISA is coordinating that.” 

Another key Solarium Commission recommendation that Langevin attached to the NDAA is for the creation of a Joint Collaborative Environment. This would facilitate the government and the private sector working closely together to combat cyber threats.    

This is “really important to put context to both what we're seeing in terms of threats and what we need to do to protect against those threats,” Langevin said.

Language Langevin attached to the House NDAA explores whether the Joint Collaborative Environment should mimic aspects of the United Kingdom’s National Cyber Security Centre. 

Apart from the closer working relationship between the public and private sector, Langevin hopes that the U.S. might eventually adopt aspects of the British model that asks more of internet service providers. 

“The National Cyber Centre is impressive work,” Langevin said. “They require a lot more of their ISPs, for example, to block a lot of malicious traffic. We haven't done a lot in that respect and I think ISPs can and should be doing much more because they have much more visibility. I think, quite frankly, that they can block a lot more of the traffic than they block. Great Britain and their National Cyber Centre, they require that. That's what I'd like to see, to get to that model.”