Congressman Jim Langevin (D-RI), co-founder of the bipartisan Congressional Cybersecurity Caucus, today urged the House to consider two proposals vital to addressing cybersecurity threats as part of this week's debate of the National Defense Authorization Act (NDAA). Petitioning the House Rules Committee to allow floor votes on his amendments, Langevin emphasized that the major annual defense bill should not fail to address major shortcomings in the country's cyber defenses as evidence mounts about the risks we face.
The provisions offered by Langevin, taken from his bipartisan Executive Cyberspace Coordination Act, would ensure better security for government agencies through a National Office for Cyberspace in the executive branch and for critical infrastructure, such as the power grid and water systems, by establishing minimum safety standards. A similar amendment on improving protections for federal networks passed the House as part of the NDAA in 2010, but was removed during conference negotiations with the Senate.
"During debates over defense funding, I hear repeatedly that cuts to military programs -- even insufficient increases -- pose an unacceptable risk," said Langevin, Ranking Member of the Armed Services Subcommittee on Emerging Threats and Capabilities. "Yet without these amendments we are ignoring key aspects of what is fast becoming the biggest threat to our security. We are running out of time to address cybersecurity as nations like Iran and China rapidly increase their capabilities. This House has already demonstrated that cybersecurity can be a bipartisan issue let's do so again."
Langevin has long called for creation of a White House Office, as recommended by the bipartisan CSIS Commission of Cybersecurity for the 44th Presidency that he co-chaired, to address findings that government agencies lack coordination and have not pursued strong cybersecurity policies. The amendment proposed today, which passed in 2010, also requires development of secure acquisition policies to be used in the procurement of information technology products and services.
In addition, Langevin has expressed frustration that House Republican leadership has refused to permit a vote on instituting safety requirements for our most vulnerable and valuable industries even after a senior FBI official revealed that utilities in at least three U.S. cities were recently compromised. Bipartisan legislation that passed a Homeland Security Subcommittee earlier this year, the PRECISE Act, would have provided for minimum standards, but Republican leaders forced the Committee to remove those provisions and still would not bring it up for a vote during the House's so-called "Cyber Week" last month.
Congressman Langevin Statement to House Rules Committee
Cybersecurity Amendments to National Defense Authorization Act
May 16, 2012
As Prepared for Delivery
Chairman Dreier, Ranking Member Slaughter, Members of the Committee, thank you for the opportunity to speak on my amendment numbered 180 to H.R. 4130. Similar language passed the House two years ago during NDAA consideration without objection.
My amendment would secure government-owned IT networks against the massive data breaches and attacks that continue to plague them by implementing recommendations of the CSIS Commission on Cybersecurity and work by the Committee on Oversight and Government Reform.
Amendment #180 would coordinate efforts to secure federal networks and develop smarter cyber policies by establishing a National Cyberspace Office in the Executive Office of the President empowered to require that agencies have strong information security policies. Not only would this office ensure coordination during a serious attack, it would also have budgetary oversight powers backed by pay-for-performance authorities and would be accountable to Congress through reporting and Senate confirmation. These authorities are essential for any Administration to deal with the poor federal coordination experts have lamented.
This amendment's passage two years ago helped spark renewed action in the Senate. I hope its passage this week will do the same. While previous cost estimates may appear high, the cost of inaction is higher still. Publicly reported cyber incidents have repeatedly breached sensitive national security data, and threats across our government are accelerating. Moreover, these investments, many of which are already underway at the direction of the White House and Department of Homeland Security, will yield huge efficiencies and savings for our IT systems in the long run. As this amendment simply builds on successful action from last Congress, I respectfully ask that you again rule it in order.
Similarly, I ask that you allow Amendment #177, which implements critical infrastructure protections similar to those under Senate consideration and akin to provisions in the subcommittee-passed version of Mr. Lungren's PRECISE Act. Our military leaders are clearly concerned about threats facing critical infrastructure, and we know the status quo of voluntary action has not worked.
During debates over defense funding, I hear repeatedly that cuts to military programs -- even insufficient increases -- pose an unacceptable risk. Yet without these amendments we are ignoring key aspects of what is fast becoming the biggest threat to our security. We are running out of time to address cybersecurity as nations like Iran and China rapidly increase their capabilities. This House has already demonstrated that cybersecurity can be a bipartisan issue let's do so again. Thank you and I am happy to answer any questions.