WASHINGTON – Congressman Jim Langevin (D-RI), a senior member of the House Armed Services and Homeland Security Committees and a member of the United States Cyberspace Solarium Commission, offered the following summary of his written testimony at the House Committee on Oversight and Reform’s hearing on H.R. 7331, the National Cyber Director Act. Langevin testified in front of the Committee as part of larger, bipartisan effort he’s leading to include amendment language in the Fiscal Year 2021 National Defense Authorization Act being considered on the House Floor next week. Video of Langevin’s statement and a live feed of the proceedings: https://oversight.house.gov/.
«Good afternoon, Chairwoman Maloney, Ranking Member Comer, and distinguished members of the Committee. It is always humbling to sit on this side of the witness table – even when it’s virtual – and I want to begin my remarks by thanking you all for the important work you do. I particularly want to thank the Chairwoman for convening this hearing and for her partnership in raising the issue of creating a National Cyber Director.
«I join you today as a representative of the Cyberspace Solarium Commission. In the 2019 National Defense Authorization Act, Congress charged the Solarium Commission with ‘develop[ing] a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequence.’ However, in our first meeting, outside experts on Congressional commissions told us that we were attempting the impossible: we were trying to have a 9/11 Commission level of impact without the precipitating event of a September 11th.
«Madam Chair, I reject that cynical view. I believe that if we come together in a non-partisan fashion to implement the Solarium Commission recommendations, we can alter the trend that sees cyber risk grow year after year. We can push back on our adversaries who see the cyber domain as the ultimate realm for asymmetric operations in the ‘gray zone’ short of war. We can seize the initiative and ensure that we are not left to wonder the day after an attack: ‘what more could we have done?’
«That is how I view the work of the Cyberspace Solarium Commission. That is the urgency I bring to the table. And, more so than any of the other 82 recommendations the Solarium Commission proposes, the National Cyber Director is essential to seizing the initiative from our adversaries.
«It is essential because cybersecurity permeates every aspect of our society and every aspect of our government. Every department and agency, from the Department of Agriculture to the Department of Veteran Affairs, relies on secure information technology to conduct business. Yet very few of them have cybersecurity as part of their mission nor is it their primary focus. Because cybersecurity is difficult to measure, we end up with misaligned incentives – people skimp on cybersecurity because they would rather invest in ‘operationally relevant’ programs. We need a strong leader in the White House to defeat the inertia that pushes investments in cybersecurity down the road or until a devastating breach occurs.
«We also need a strong cyber leader in the White House to coordinate strategy. Beyond government systems, our national and economic security rely on critical infrastructure, most of which is owned and operated by the private sector. Where once we could rely on two oceans and friendly neighbors to insulate us, today, our banks, hospitals, and power plants are on the front lines of shadow campaigns to undermine our way of life. Only within the White House can we break down agency siloes to ensure we have a whole-of-nation effort to protect our networks.
«Finally, Madam Chair, we need a National Cyber Director in the White House to coordinate incident response. We are living through a public health crisis the likes of which we have not seen in over a century. When our adversaries strike us in cyberspace, we must be prepared to defend early – to stamp out the infections from computer viruses, to quarantine the affected networks, and to inoculate uninfected machines by patching them. This is only possible with a National Cyber Director.
«This idea is not new. I worked on it with the CSIS Commission for the 44th Presidency in 2008. But as my friend Mr. Gallagher has taken great pains to describe – at length – the Solarium process pioneered by President Eisenhower has a way of refining one’s thinking. We debated the proposal for a National Cyber Director extensively, and we were very deliberate in our decision making. We chose an office in the White House because only the White House can truly reach across departments and agencies to manage a risk so pervasive as cyber. We chose a Senate-confirmed position because Congressional oversight – and buy-in – is critical to the success of the office. We chose to preserve a coordinative – rather than operational – bent to the role because our cyber defenders need strategic guidance, not tactical advice.
«Madam Chair, there are some who argue that the National Cyber Director Act is Congressional overreach. There are those who say that the President is the ultimate arbiter of the Executive Office of the President and that Congress has no business interfering in these Article II affairs. Those people are disregarding history, as Congress has helped to guide White House structure in the past when the moment demanded it, such as when Congress created the Office of Science and Technology Policy or the U.S. Trade Representative. But more concerning to me, these people implicitly endorse the status quo. And that scares me.
«It scares me because every day I wake up and see our adversaries making gains in cyberspace. I saw it under President Bush, I saw it under President Obama, and I see it today under President Trump. I see our adversaries stealing our intellectual property, shaping norms that suit their interests on the international stage, striking out at our partners and allies, and attempting to undermine our elections.
«It’s time we seize the initiative. It’s time we set the agenda, pushing back on our competitors and shaping their behavior by improving our resilience and strengthening the cyber ecosystem. It’s time we empower a National Cyber Director in the White House.
«Madam Chair, serving on the Solarium Commission with Mr. Gallagher has been one of the most rewarding experiences of my life. His leadership and that of Senator King, the contributions of our fellow Commissioners, and the enormous dedication of our immensely talented staff are all reflected in the bill we are discussing today. It is an honor to have the opportunity to present it before you, and I look forward to answering any questions you may have.»