WASHINGTON: Rep. Jim Langevin won’t come right out and say “I told you so” – but yes, he did tell the rest of the government so, years ago, and too few people listened.
The Rhode Island Democrat has long advocated stronger cybersecurity and continuity-of-government measures. Now, with government business disrupted and networks overloaded by the COVID-induced shift to online work, Langevin plans a new push for legislation recommended by the Cyberspace Solarium Commission, on which he served. That includes an uphill battle to recreate the White House cybersecurity coordinator office that President Trump abolished.
Langevin, chair of the House Armed Services emerging threats subcommittee, said he’ll try to include some of his reforms in the annual must-pass defense policy bill, the National Defense Authorization Act. But much of the cyber problem lies outside Armed Services’ jurisdiction. Langevin said this afternoon that he’s already gotten a receptive hearing from Rep. Nita Lowey, chair of the powerful House Appropriations Committee, and Rep. Carolyn Maloney, chair of Oversight & Reform.
Maloney specifically “had very supportive things to say about the National Cyber Directorate [in] the Executive Office of the President,” Langevin said today on a webcast hosted by law firm Venable LLP. “She’s anxious to get going with hearings or to actually see text of the bills; she and her staff are looking at that right now.”
“COVID-19 has forced us into this new reality,” Langevin said. “It’s a bit of an eye-opener, a wakeup call.”
On The Hill
“We’re looking at ways to more robustly embrace telework in … the Congress,” Langevin said.
“After 9/11, I was part of a continuity of Congress task force, and I was a strong advocate for creating an e-Congress. I actually introduced legislation [in] a couple of Congresses,” he recalled. “I said, there may come a time when the Capitol is not there, or we can’t get to the Capitol, we can’t get to the House floor, [when] we have to find other some mechanism – maybe if there were some bio-attack or some naturally occurring event where we couldn’t be around each other.”
“I guess those words were prophetic,” he said.
“The work of the Congress cannot come to a halt,” Langevin said. “We need to have a telework capability.” That would eliminate the need for the kind of cumbersome precautions required for in-person votes on the coronavirus stimulus package. Langevin has been working with both Rep. Zoe Lofgren, chair of the House Administration Committee, and Rep. James McGovern, chair of the Rules Committee.
“I’ve spoken to both them and we are looking at these alternative remote voting possibilities,” he said. “Security, though, has to be front of mind, and we cannot just rush into it.”
Congress can’t just use something like Zoom for official business, he said. Given the documented vulnerabilities of the popular online conferencing app, there’s too high a risk that, say, a foreign adversary would hack the feed with humiliating propaganda or, worse yet, undermine public confidence that votes were accurately counted.
In The White House
As hard as it is for Congress to clean up its own act, it’s even harder to legislate a reorganization in the White House. Presidents of both parties have jealously guarded their privilege to pick their own advisors — few more than Trump, who’s famous for rapidly promoting key aides and rapidly ousting them. Trump has also shrunk the National Security Council staff, which nonpartisan experts agree had grown bloated under Obama, and he eliminated the Obama-era cybersecurity coordinator, sometimes known by the baggage-laden nickname “cyber czar.”
The Cyberspace Solarium Commission’s final report recommended that “Congress should establish a Senate-confirmed National Cyber Director (NCD), supported by an Office of the NCD, within the Executive Office of the President…. positioned similarly to the Office of the U.S. Trade Representative. [The director] would report directly to the President [and] serve on the NSC for relevant (cybersecurity and associated emerging technology) issues.”
That “Senate-confirmed” is the biggest single hurdle. Presidents don’t like giving legislators a veto on their closest aides. The National Security Advisor, to give just one notable example, isn’t Senate-confirmed, although the US Trade Representative is.
Just as tricky is the budgetary authority the Solarium wants to give the Cyber Director, which would challenge the power of the Office of Management & Budget. To quote the report:
“[E]ach program manager, agency head, and department head with responsibilities under the National Cyber Strategy shall transmit the cyber budget request of the program, agency, or department to the NCD prior to sending it to the Office of Management and Budget (OMB). If the NCD determines that the budget proposed is not in alignment with the National Cyber Strategy, then he or she will recommend appropriate revisions. The NCD’s passback revisions must be addressed in the proposed budget and submitted to OMB,” the report says. “Any significant changes by OMB to the cybersecurity budget of any agency or department would require the concurrence of the NCD.”
“There’s going to be resistance coming from the White House,” acknowledged Langevin, who’s pushed similar legislation in past years to no effect. “No one from 1600 Pennsylvania Avenue likes Congress telling them how to do their job, how they should be structured, but the fact of the matter is it’s necessary.”
“One of the glaring loopholes or gaps, if you will, in our countries’ cybersecurity is we don’t have someone at the top coordinating,” Langevin said, “[with] not only the policy but the budgetary authority to reach across government to compel agencies to close gaps, to close vulnerabilities.”
“We want to prevent the next OPM hack,” he said, referring to China’s massive theft of Office of Personnel Management records revealed in 2015. “That happened because no one really had their eye on the ball that could force OPM to put in a budget request [to] upgrade their old legacy computer systems,” Langevin said. His proposed cybersecurity director, he argues, could fix that.
‘Plug and Play’: Army’s Project Linchpin prepares to unveil open-source architecture for AI
“It’s like the Wild, Wild West when it comes to AI right now,” Linchpin product lead Bharat Patel told Breaking Defense. “We don’t want to be the government and be like, ‘Here’re our standards, you must comply.’”