U.S. Cybersecurity Legislation: What Three Newly Proposed Bills Mean
Three newly introduced bills would add weight and influence to the Department of Homeland Security’s cyber wing through increased stability in leadership positions, additional resources and a public-private workforce exchange program.
The package of bipartisan legislation, sponsored by Rep. John Katko (R-NY), the ranking member of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, includes:
- The Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act.
- Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020.
- The CISA Public-Private Talent Exchange Act.
Taken together, the measures aim to enrich the Cybersecurity and Infrastructure Security Agency’s (CISA) national cybersecurity profile. Of note, all three Katko bills are tied to the Cyberspace Solarium Commission’s (CSC) report delivered last March that offered dozens of cybersecurity-related recommendations to improve the nation’s defenses. Along those lines, Katko was also among a bipartisan group of legislators who recently proposed the CSC-inspired National Cyber Director Act advocating for a lead national-level coordinator on cyber strategy and policy.
Here are the elements of the three bills:
The Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act.
- Creates a five-year term for the CISA Director, with a limit of two terms.
- Elevates the Director to the equivalent of a Deputy Secretary and Military Service Secretaries.
- Categorizes the Assistant Director positions as career public servants appointed by the DHS Secretary.
The Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020.
- Requires CISA to review how additional appropriations could be used to support programs for national risk management, federal information systems management, and public-private cybersecurity and integration.
- Requires a review of workforce structure and current facilities and projected needs.
- Mandates that CISA provides a report to the House and Senate Homeland Committees within one year of enactment including recommendations to the General Services Administration (GSA) on facility needs.
- Requires GSA to provide a review to the Administration and House and Senate Committees on CISA facilities needs within 30-days of Congressional report.
The CISA Public-Private Talent Exchange Act.
- Requires CISA to create a public-private workforce program to facilitate the exchange of ideas, strategies, and concepts between federal and private sector cybersecurity professionals.
- Expands existing private outreach and partnership efforts.
“The time for our nation to take cybersecurity seriously is far overdue,” Katko said. “Underscoring this fact, throughout the COVID-19 pandemic, American businesses and governments, as well as individuals working from home, have experienced a significant uptick in cyber attacks. As a nation, it’s clear we must do better to prepare for and respond to these attacks,” he said.