Rep. Garbarino ‘disappointed’ Senate hasn’t approved Trump’s CISA nominee

(L-R) Frank J. Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, Rep. Andrew Garbarino, R-N.Y., and Drew Bagley, CrowdStrike's vice president and counsel for Privacy and Cyber Policy speak at a McCrary Institute event Dec. 16.

(L-R) Frank J. Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, Rep. Andrew Garbarino, R-N.Y., and Drew Bagley, CrowdStrike's vice president and counsel for Privacy and Cyber Policy speak at a McCrary Institute event Dec. 16. David DiMolfetta/Staff

Featured eBooks
Future-Ready Workforce
Read Now

Health Tech

Read Now

AI Applications

Read Now
Insights & Reports
AI Infrastructure for a National Advantage
Presented By MinIO
Download Now
Reach Zero Trust Mandates with an Adaptive Approach
Presented By Forescout Technologies
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

The House Homeland Security Committee chairman also questioned a recent FCC vote to reverse telecom security rules put in place after a major Chinese cyber intrusion.

With Congress in its final week of the year, House Homeland Security Chairman Andrew Garbarino, R-N.Y., said Tuesday he is “disappointed” the Senate has not yet voted to confirm Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency.

As he exited an event held by the McCrary Institute about cyber threats and priorities under his committee in the coming year, he told Nextgov/FCW that Plankey “would be a great director of CISA, and I’m disappointed the Senate hasn’t moved on it.”

Plankey was nominated in February, but the confirmation process has faced numerous procedural hurdles and was slowed further during the recent government shutdown. A new obstacle from Sen. Rick Scott, R-Fla., that surfaced earlier this month prompted DHS officials and industry stakeholders to mount a last-minute effort to bring Plankey to the finish line, but limited calendar time remaining this year means the nomination could fail within the next week.

If that happens, President Donald Trump would have to renominate Plankey, unless he decides to choose someone else for the role. The White House has not made any public indication on what direction it will go.

On stage at the event, Garbarino said “hopefully [the confirmation] is soon,” because part of his committee's priorities involve working with the cyberdefense agency on areas like regulatory harmonization and information-sharing authorities.

The chairman pushed hard for a longer-term reauthorization of the Cybersecurity Information Sharing Act of 2015, a bedrock law that lapsed when the government shut down in late September. Congress temporarily revived it in the short-term funding bill that reopened the government through Jan. 30, meaning the law is only restored for the length of that stopgap extension.

The original 2015 law let private sector providers transmit cyber threat data to government partners like the FBI or NSA with key legal protections in place that shield those companies from lawsuits and regulatory penalties. 

The House Homeland panel has previously advanced its own version of an extension, but some lawmakers in the Senate have their own measures that will need to be reconciled.

“Some of them want to do a 10-year clean re-auth,” Garbarino said on stage. “I don’t know if I can get that passed in the House with concerns from the Freedom Caucus,” and Senate Homeland Chairman Rand Paul, R-Ky., “has some thoughts that he would like to get done.”

Paul’s misgivings on the information-sharing bill are a product of his longstanding suspicion of CISA and its purported infringement on Americans’ free speech when it collaborated with social media companies to call out mis- and disinformation.

Paul has previously proposed a different version of the bill that extends the law by just two years and jettisons a key legal clause that incentivizes companies to share threat information with the government.

It’s possible that any renewal measure will need to be attached to another legislative vehicle, Garbarino said.

“If we don’t have this bill, people are going to stop sharing information,” he added. “That is a bad day.”

Asked about a committee investigation into major Chinese cyberintrusions — launched in March by his predecessor, former-Tennessee Rep. Mark Green — Garbarino said there is still some back-and-forth between the committee and Department of Homeland Security. 

“I believe the first responses we got did not answer all of our questions,” he said.

The probe, first reported by Nextgov/FCW, seeks to examine Volt Typhoon, a Beijing-aligned cyber collective discovered inside troves of non-military critical infrastructure, and Salt Typhoon, which carried out a sweeping global intrusion in telecommunications systems and targeted key U.S. officials’ phone calls in the process.

The House Homeland chairman also questioned a recent Federal Communications Commission vote to reverse telecom security rules put in place after the Salt Typhoon hacks were discovered last year. The move drew ire from multiple Senate Democrats.

“I’m not sure I would have voted to get rid of some of the protections, some of the rules. But again, it wasn’t my vote,” Garbarino said.

NEXT STORY: Trump admin to revisit bedrock cyber policies as it implements new strategy