The top Republican on the House Homeland Security Committee said the Cybersecurity and Infrastructure Security Agency should play quarterback for cybersecurity in the federal government, and should be funded like one.
Committee Ranking Member John Katko (R-N.Y.) said CISA needs “a lot more money and need a lot more resources” to meet its mission, and could easily see Congress giving CISA a $5 billion budget in the coming years.
“Every team needs a quarterback. You don’t have a quarterback, full stop. CISA needs to be that quarterback,” Katko said last week in a keynote address at Auburn University’s McCrary Institute.
That level of funding would more than double CISA’s current budget — about half of which now goes toward cyber programs, former CISA Director Chris Krebs told lawmakers last month.
Katko said he sees room for bipartisan action on cyber issues from committee chairman Bennie Thompson (D-Miss.) and the rest of the committee.
“One of the biggest threats we have is cyber. And it’s really, its cause for great collaboration, and it’s quintessentially bipartisan,” he said.
The funding increase would give CISA more bandwidth to stand up a range of new cyber defense capabilities that Congress granted it under the latest National Defense Authorization Act.
The NDAA gives CISA the authority to hunt proactively for threats across civilian federal networks, but Katko previously warned that the agency doesn’t yet have the centralized visibility or authority to respond quickly to incidents.
The agency also has administrative subpoenas authority over internet service providers when the agency detects critical vulnerabilities in national infrastructure, but Katko said CISA should encourage the private sector to turn over more information about the cyber threats they face.
Through its National Risk Management Center, CISA also serves as a top federal liaison on cyber issues for private-sector owners of national critical infrastructure. But Katko said the agency is able to collect data on only a small percentage of the breaches that happen in the United States.
In order to improve that data collection, he said private sector companies need to feel comfortable sharing cyber threat intelligence with CISA.
If CISA is the federal government’s quarterback for cybersecurity, then Katko said the White House’s National Cyber Director should serve as the “head coach” for cybersecurity in the executive branch.
Congress required the White House to stand up a cyber director position in the latest NDAA, but has not yet named someone to that office.
The White House has made Anne Neuberger, the deputy national security advisor for cyber and emerging tech within the National Security Council, the go-to person for the Biden administration’s response to the SolarWinds breach and other top cyber priorities.
But Katko said a Senate-confirmed national cyber director would be in a better position to coordinate and “see the entire battlefield” of activities within CISA, the intelligence community and the Defense Department.
“We can’t overly rely on NSC to carry out the duties, and we shouldn’t. They have it in interests that are maybe different than CISA’s. And CISA’s interests are obviously different than DoD’s. So to me, having that National Cyber Director is just a natural thing to happen,” Katko said
In addition to funding, Katko is also pressing President Joe Biden to name a permanent director for CISA. Brandon Wales has served as acting director since former President Donald Trump fired Krebs last November.
While Katko said Wales has done a great job, he added that a permanent director would be a “strong advocate” for the substantial changes he’s recommended for the agency.
“I’ve seen people in acting roles that are very, very reticent to do anything. I don’t think Brandon [Wales] is in that role, but there’s a lot of things — not just maintaining the status quo — that we’ve got to deal with,” Katko said.