Rep. Jim Langevin, D-R.I., a co-chair of the House Cybersecurity Caucus since its founding in 2008, isn’t giving up easily on one of his chief ideas to improve how Congress deals with cybersecurity: radically shrinking jurisdiction over the issue.
Speaking at The Atlantic’s Cyber Landscape event today, Langevin said that creating more confined congressional jurisdiction over cybersecurity matters and expanding information sharing would help Congress more efficiently tackle cyber issues.
He underscored the most practical aspect of that view by saying the diffuse nature of cybersecurity jurisdiction across different congressional committees and subcommittees makes it difficult for representatives and senators to take unified, meaningful action on addressing the fast-changing and complicated problem that cybersecurity poses.
“You have some 80 to 100 different committees and subcommittees that have some kind of jurisdiction on cyber,” Langevin said. “It makes it challenging to move with agility when we can’t move with the agility we need to protect the country in cyberspace.”
As a for-instance, Langevin recalled that the Cyber Information Sharing Act bill passed in 2015 took six years to develop, largely because of the scattered jurisdiction of cybersecurity matters across Congress.
“Had it been one, two, or maybe three major committees, it would have moved with greater agility,” he said. “But there were different committees and subcommittees that had a different piece in it.”
Healthcare reform jurisdiction under President Barack Obama was limited to three committees, Langevin said, and that largely contributed to their ability to help develop legislation as huge as the Affordable Care Act within a reasonable time frame. If Congress applied the same focus and streamlining of healthcare reform to cybersecurity policy, Langevin said, legislators could make greater strides in addressing pressing national cyber matters.
On the broader issue of cyber threat data sharing underlying the 2015 CISA Act, Langevin said the rapid sharing of threat and other data is the key for how both the public and private sectors can protect themselves from cyberattacks and vulnerabilities.
“If you know that there’s one area or one business [that’s] getting hit … we can share that information at network speed about what that vulnerability is and how to fix it,” Langevin explained.