Bipartisan House Group Pushes for White House National Cyber Director

Introduced in June by Rep. James Langevin, D-R.I., the National Cyber Director Act (HR-7331) would have a cyber director lead national coordination of cyber strategy and policy. Republican co-sponsors include Mike Gallagher, Wis., co-chair of the Cyberspace Solarium Commission; Will Hurd, Texas; and John Katko, N.Y., ranking member of the House Cybersecurity Subcommittee.

The position is needed for a central and streamlined strategy within the White House, said Chair Carolyn Maloney, D-N.Y. She cited threats from China, Russia, Iran and North Korea. Cyberattacks cost U.S. companies billions of dollars yearly, said Langevin, noting breaches against the Office of Personnel Management and Sony, plus the Wannacry attack (see 1905290055). Only the White House can coordinate among agencies on an issue that’s difficult to quantify and detect, he said. Langevin added to the record a U.S. Chamber of Commerce letter of endorsement for the position.

Ranking member James Comer, R-Ky., questioned whether it’s necessary to create another federal office when multiple agencies have a “piece of the cyber pie.” He asked whether Congress should do more to support the current system.

Gallagher said he understands concerns about bureaucracy, which he used to share. But the current structure isn’t adequate to combat issues on the scale of the Sept. 11, 2001, attacks and having a single person responsible means less bureaucratic response, not more, he said.

Comer questioned the size of a potential new office, estimated to have 75-100 new staffers. Gallagher said 75 is about right, which would carry a budget impact of $10 million-$15 million and consistent with other Senate-confirmed offices.

Comer questioned whether the president’s cyber policy decisions might be constrained. Gallagher said no, the director can look at cyber budget items and flag them for the president. The president retains final authority to resolve any disputes between agencies and whether to follow the director's advice, he said.

Former House Intelligence Committee Chairman Michael Rogers, R-Mich., testified he initially opposed the proposal. Rogers has partnered with small startup cybersecurity companies, which offered him perspective on how government responds to the issue, he said. The proposal doesn’t expand government, it focuses leadership, he said.

An executive-level organization is the only point of contact that can coordinate multiple agencies without authorities clashing, testified former White House Cybersecurity Coordinator Michael Daniel, now Cyber Threat Alliance CEO. Tenable CEO Amit Yoran also supported the legislation, and recommended a national encryption policy that balances the needs of law enforcement, security and privacy.

The intelligence community, DOD and FBI won’t relinquish their authority in this area, testified Cyberspace Solarium Commissioner Suzanne Spaulding. A cyber director should be empowered to address coordination with the backing of the president so it can get information from law enforcement, the military and the intelligence community, she said.

George Mason University assistant professor Jamil Jaffer supported the new office but questioned the need for an office employing a third of the size of the National Security Council. A five-to-15-person office without Senate confirmation could be effective, too, he said.

Rep. Thomas Massie, R-Ky., suggested a deputy director be appointed for privacy and civil liberties if the legislation passes. The pandemic exposed state actors to potential attacks and how the government is potentially ill-equipped to respond to global threats, said Rep. Jamie Raskin, D-Md., in support of the bill.