National Cyber Director Proposed to Coordinate Computer Security

WASHINGTON – Democrats and Republicans agreed Wednesday during a congressional hearing that the U.S. government needs a more proactive strategy for protecting against cyberattacks but disagreed how to accomplish it.

Democrats want a new agency to address cyberthreats while Republicans suggest working more aggressively through existing sectors of the government.

They also agreed the coronavirus pandemic demonstrates the nation’s vulnerability to cyberattacks.

Cyberattacks represent “a growing threat” as political adversaries like China, Russia, Iran and North Korea seek to disrupt U.S. computer systems and steal intellectual property, said Rep. Carolyn B. Maloney, D-N.Y., chairwoman of the House Oversight and Reform Committee.

The most recent example she mentioned was an effort by China to steal intellectual property being developed for a coronavirus vaccine.

American pharmaceutical companies are racing to develop a vaccine that could be worth hundreds of billions of dollars in international sales.

Law enforcement agencies report tracing Internet traffic and other markers in computer code indicating the Chinese are trying to tap into records of the pharmaceutical researchers.

Congress is searching for a solution “to ensure we are fully prepared for and coordinated” for cyberattacks, Maloney said.

The leading legislative proposal for confronting the threats is H.R. 7331, the National Cyber Director Act.

The bill would set up 75 cybersecurity experts in a new White House office to oversee the federal government’s efforts to protect the nation’s computer networks. They would be authorized to review the cybersecurity budgets of other federal agencies, recommend changes and to coordinate the response to a national cyberattack emergency.

Currently, federal cybersecurity is spread across multiple agencies. 

The bill was included among recommendations in a report by the Cyberspace Solarium Commission, which was authorized under the 2019 national defense budget. The report released in March proposes a layered strategy for cyberdeterrence.

The co-chair of the commission was Rep. Mike Gallagher, R-Wis., who also testified during the hearing Wednesday. He co-sponsored the National Cyber Director Act.

In a statement before the hearing he said, “The coronavirus has elevated the importance of cyberinfrastructure and demonstrated how incredibly disruptive a major cyberattack could be. But while we are woefully unprepared for a cybercalamity, there is still time to right the ship.”

During the hearing, he said the U.S. government and private companies were getting better at detecting threats from hackers.

However, “The threats are getting better as well,” Gallagher said.

Michael J. Rogers, chairman of the public policy foundation Center for the Study of the Presidency and Congress, said the U.S. government needs to be preventive rather than waiting to respond to a cybersecurity crisis.

A single national cyber director could work across different agencies to coordinate prevention efforts, he said.

He also warned that waiting too long would make a crisis unavoidable as adversaries increase their budgets and staffing for cyberattacks.

“They know it has high impact but low consequence,” Rogers said.

He added, “All of them are stepping up their game.”