A bill from a House Republican would start to carry out recommendations from the congressionally chartered Cyberspace Solarium Commission. The bill has a lot to say about the Cybersecurity and Infrastructure Security Agency and other federal cyber efforts. With details, the ranking member of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, New York Representative John Katko, joined Federal Drive with Tom Temin.
Tom Temin: Mr. Katko, good to have you on.
Rep. John Katko: How are you doing today my friend?
Tom Temin: Okay. And tell us about this bill that is just introduced, and you’ve got some bipartisan support, I guess.
Rep. John Katko: Yeah, there’s a number of bills, it’s actually a package of bills. What happened was CISA, which is known as the Cybersecurity and Infrastructure Security Agency is one of the main components for cybersecurity in the United States. It’s a sub agency of Homeland Security. So what happened was last year in the NDAA bill, the National Defense Authorization Act, they formally was called the Solarium Commission to look at the cybersecurity vulnerabilities in our country, which are quite significant. And the good thing about this is it happened before a gigantic cyber crisis happened. And it’s kind of like the 9/11 Commission happened after 9/11. This is happening before the major event, which everyone suspects could happen at any time. So, to me, it was really well timed. And they issued a ton of recommendations. And a lot of the recommendations, at least 25 of them from the Solarium, have been included in the NDAA, and many of them sought to strengthen CISA and other things — and three of my bills were part of that as well. One of them talks about strengthening CISA and requires a GSA assessment of their facilities as well and say, do you have enough resources? And I’ll stop there, but there’s a lot more to it than that.
Tom Temin: Well, one thing it would do is change the nature of the head of CISA, change the nature of the job in the way that person comes in. Tell us about that provision.
Rep. John Katko: Yeah, that’s the CISA director and assistant director. What we realized is, first of all, in a cyber realm, the job shortages are in hundreds of thousands and closing in on a million. So it’s a highly competitive field. And so we want people at CISA, even if we’re not making as much money as the outside world, making as much as they can in the federal government, and having a five year term, so it’s not subject to the political machinations of the modern Congress and presidency. So give them a five year term and depoliticizing the assistant director position so that they don’t have to be presidential appointments. By doing that, I think it really helps stabilize the leadership there and entice people to come there and stay there and work there because we need talented people in CISA, especially at the leadership level.
Tom Temin: Got it. And then there’s something there called the CISA Public-Private Talent Exchange Act. Give us more about that.
Rep. John Katko: Right on. That kind of goes right into what I was talking about with respect to the personnel issue. It’s very hard for CISA to take people and keep them there because the outside market is so lucrative, so a lot of times they come in and they get some experience and they leave and it’s very hard. So what this Public-Private Talent Exchange does, it’s a bill that I have, it creates and enhances the industry government exchange program for cyber professionals, kind of have like a cross pollenization. People at CISA can go to private sector for a while get loaned out and vice versa. And it really fosters cybersecurity skills development and fosters interpersonal relationships that CISA needs with the private sector. And it’s really important because the cybersecurity issues in this country are profound, and you got to have that public private partnership.
Tom Temin: And talk about some of the support you have. I guess Jim Langevin worked with you on these and he’s well known on the Democratic side to have cyber security as one of his chief pursuits.
Rep. John Katko: Yeah. And people think bipartisanship is dead in Congress, and it’s easy to think that we’re looking at the news these days, but it’s just not true. Jim and I got together, we both have an interest in this area. Jim was on the Solarium Commission, so I said look I’ll take the Republican side and make sure we get co-sponsors and get these things rolling. And because of our collaborative effort, we’ve been able to get literally dozens of very important Solarium recommendations into the NDAA bill, and then NDAA bill is going to sail now I think, it should sail in the Senate so we shouldn’t have a problem and they’re gonna become law. For a congressionally appointed commission be formed one year, issue recommendations, and for the vast majority of his recommendations become law the next year is, quite frankly, unheard of. And so this is what happens when you collaborate. I’m happy to work with Jim. He’s a wonderful guy and a very talented member of Congress.
Tom Temin: And with respect to the provisions that would ask CISA what its physical requirements are, its facilities needs — what’s your sense of what it does need? What have you heard?
Rep. John Katko: Oh my gosh, they’re in like 9 or 10, 11, 12 different buildings. And it’s not like we need this great big monolith of another agency. But we do need these people to be under one roof as best we can, because we need to basically strengthen and clarify their authority, but also make sure that the funding is commensurate with what their mission is. And if you think about it, from a domestic standpoint, their mission is to stop the greatest threat in our country today, and that is cybersecurity. And the only way to do that is to make sure that they have the proper funding, but also make sure that they have the ability to live under one roof as best they can so collaboration within the agency happens. It basically enhances their ability to carry out the role in this most important area.
Tom Temin: I guess for that matter, it doesn’t have to be in Washington D.C., although there’s still all that vacant land up by the old St. Elizabeth’s, which part of Homeland Security is in there.
Rep. John Katko: Yeah, there’s some discussion about that. There’s some discussion about them being a little more south of the city in Virginia. But I think that the important thing is to get them in one place. You got to think workforce too, right? And now where are these people that are already sacrificing much by working for the government, sacrificing a lot of the money that can make in the private sector. If you force them into the city, is that the right thing to do? And all those things should be considered and take a look at CISA’s recommendations and report to Congress for the 30 days on how best to accommodate their mission. And I think that’s really important and that it really dovetails with the commission’s recommendations for an integrated cyber center within CISA. So you have some of the disparate agencies and think about it like from 9/11. We knew that there was a bunch of disparate agencies dealing with anti-terrorism issues, even within the Department of Justice, that didn’t always share the information, they didn’t collaborate enough. Well we fixed that. And I think basically just the same idea here, we’re trying to make sure that disparate sub agencies and some sub offices within Homeland and within CISA are all under one roof and all having that collaboration you need to get the best results and protect the country.
Tom Temin: And just to clarify this package of bills with respect to CISA are part of the NDAA at this point that’s being debated?
Rep. John Katko: They are part of NDAA. The Public Private Talent Exchange, they’re still working on that one. I know about the assistant director, director is definitely part of it, and strengthening CISA as part of it as well. So yeah there’s scores of others. So we’re really excited. It’s kind of the quiet work you do in Congress, it doesn’t get noticed cause it’s not real sexy, but it’s really important that we do this.
Tom Temin: Well it gets noticed here. And once this fairly heavy lift is through and the NDAA presumably passes, what are you looking at for subsequent years with respect to cyber and the solarium commission?
Rep. John Katko: Well, I tell you for cyber and the Solarium Commission is implement the rest of recommendations as best we can. But also just to make sure that from an oversight standpoint, we’re continuing to closely monitor systems development. They’re a relatively new sub agency, but they are critically important across a whole dot gov domain, but also across all America’s cybersecurity vulnerabilities, and we got to make sure that they definitely have a better working relationship with the Department of Defense, which is the primary cybersecurity entity. And also one of the things we’re really pushing for, which I think would be critically important is to get basically a national overseer of the cyber mission as a whole, kind of like what we had when I was a drug prosecutor. They finally got a Director of National Drug Control Policy, and that was at the White House executive level. And he oversaw all the different agencies to deal with drug enforcement and drug policy. And we really kind of need that in a cyber realm, a national cyber director that’s at the executive level so that they can properly advise the president but also look at things from a little more of a 30,000 foot level and see what Homeland’s doing, see what CISA’s doing under Homeland, see what the Department of Defense is doing, and others and just make sure that everything is synced properly. I think it’s very important going forward.
Tom Temin: New York Congressman John Katko is the ranking member of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Innovation. Thanks so much for joining me.
Rep. John Katko: Sure thing, anytime — and let’s get up and do some motorcycle riding in upstate New York.
Tom Temin: I’ll see you up there.