Lawmakers introduce legislation to establish national cybersecurity director

A bipartisan group of lawmakers on Thursday introduced legislation in the House that would establish a “national cybersecurity director” to lead government efforts on cybersecurity.

The National Cyber Director Act would establish the position within the White House, with the director meant to serve as the president’s key adviser on cybersecurity and other emerging technology issues. 

The individual filling the position would be nominated by the president and then Senate-confirmed, and would be responsible for overseeing the creation and implementation of a national cybersecurity strategy to address security risks to the U.S. in cyberspace. 

The position would take over many of the responsibilities of the White House cybersecurity coordinator, a position that was eliminated in 2018 by former national security adviser John Bolton following the departure of former cybersecurity coordinator Rob Joyce. 

The creation of a national cyber director was one of the key recommendations made by the Cyberspace Solarium Commission (CSC) as part of its report rolled out in March on how to protect the nation from cybersecurity threats. The CSC was established by Congress and is made up of members of Congress, top federal officials and industry representatives. 

Rep. Mike Gallagher (R-Wis.), the co-chairman of the CSC, and CSC member Rep. Jim Langevin (D-R.I.) are among the sponsors of the bill.  

Langevin said in a statement that “complicated” cybersecurity policy necessitates a national leader on the issue. 

“Only within the White House can we cohesively develop and implement a truly whole-of-nation cyber strategy that is commensurate with the threats we face,” Langevin said. “By establishing a National Cyber Director with the policy and budgetary authority to reach across government, we can better address cybersecurity vulnerabilities and gaps holistically and prevent catastrophic cyber incidents.”

Gallagher said separately that the COVID-19 pandemic had demonstrated the need to be prepared to face a debilitating cyberattack that could cause similar societal disruptions. 

“The coronavirus has elevated the importance of cyber infrastructure and demonstrated how incredibly disruptive a major cyberattack could be,” Gallagher said. “But while we are woefully unprepared for a cyber calamity, there is still time to right the ship.”

Other sponsors include Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security’s cybersecurity subcommittee, House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-N.Y.), Rep. Will Hurd (Texas), the top Republican on the House Intelligence Committee’s subcommittee on intelligence modernization and readiness, and Rep. Dutch Ruppersberger (D-Md.).

“At the national level, we need a coordinated approach to cybersecurity that ensures individuals, businesses, schools, hospitals, and governments are protected against cyberattacks,” Katko said in a statement, adding that a national cyber director would be a boost for national security.

Maloney noted that “the heightened cyber-attacks we’ve witnessed around the world in response to the coronavirus pandemic, including efforts to impede the U.S. response, demonstrate the urgent need for a National Cyber Director to ensure our nation’s cybersecurity strategy is streamlined, prioritized, and as effective as possible.”

Former White House cybersecurity coordinator Michael Daniel, who served under former President Obama, backed the bill on Thursday.

“The need for greater coordination, focus, and clarity on cybersecurity within the U.S. government is clear,” Daniel said in a statement. “So, while I am normally skeptical about creating new positions as a solution to policy problems, establishing a National Cyber Director within the Executive Office of the President is the right approach for this situation.” 

While the bill was only introduced in the House on Thursday, Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) expressed support last month for including a clause in this year’s National Defense Authorization Act (NDAA) to establish a national cybersecurity director.

The Senate Armed Services Committee’s version of the NDAA did not include this clause, but did include a requirement to carry out an assessment of the “feasibility” of creating the position.