In the wake of Obama’s release of Melissa Hathaway’s 60-day cyberspace policy review and his announcement that he will appoint a “Cyber Czar” to coordinate federal cybersecurity, we caught up with Rep. Jim Langevin (D-RI), co-chair of the House Cybersecurity Caucus. He detailed his vision for the future of the public/private partnership in Information Security including funding and privacy questions.
ExecutiveBiz: What are your initial thoughts regarding the balance of public and private partnership and what role, if any, do contractors have?
Congressman Jim Langevin: First of all I want to commend President Obama for taking on the issue of cyber security so early in his Administration. Cyber security is a real threat to the country. More needs to be done and President Obama is building on what was started in the previous administration. I am glad that he’s recognized that currently no single official oversees cyber security policy across the federal government. The office he’s proposing is going to oversee all federal cyber security policies [and] it will work to ensure that agency budgets reflect those priorities. With respect to contracting or perhaps working with the private sector, I really do believe that there has to be a stronger public/private partnership than we’ve seen in the past. Much of our critical infrastructure is in private hands and we are going to have to work more closely with them. The contracting community would probably have a role to play in helping to better secure our critical infrastructure; whether it’s the electric grid or the banking system or the telecommunication system. Any penetration or disruptions in our critical infrastructure could lead to either loss of life or certainly do damage to our economy and we can’t let that happen.
ExecutiveBiz: I was wondering if you could speculate on who the Cyber Coordinator should be.
Congressman Jim Langevin: I expect that the Cyber Coordinator would be someone with strong cyber security credentials, already established in the eyes of the many people who understand the importance of cyber security. I’m waiting to see the role that the Cyber Coordinator will play. I’m hoping that it’s going to be a Deputy Assistant to the President with broad policy and budgetary authority that would work very closely with the Economic Security Advisor as well as the National Security Council. I’m certainly going to be pressing the Administration to make sure that the person they choose not only has strong credentials but also that they are given strong authority and access to the President to make sure that this is placed at the top of the policy agenda.
FISMA was an important first step in securing our federal networks but that law is outdated and it needs to be reviewed. – Jim Langevin
ExecutiveBiz: What would you say the balance is between the American civil liberties, National Security and private networks?
Congressman Jim Langevin: That’s a great question. The President went out of his way to make sure that we are going to respect privacy and civil liberty issues. Also, the 60 day review aggressively consulted the privacy and civil liberties community. The President made it clear that we don’t want to intrude into or control the internet. We are not interested in, and the government shouldn’t be involved in, reading people’s private emails. We are going to make sure that we take steps to guard against these things. Protecting privacy and civil liberties in cyber space will be of paramount concern to the Administration and I’m pleased that they’ve outlined it that way. Certainly it will be of concern to Congress too. I plan to make sure that we are guarding privacy and civil liberties as well.
ExecutiveBiz: The State Department has a State sponsored terrorism list. Do you think Congress should pass a State sponsored cyber hacker or cyber terrorism list comparable to what the State Department has?
Congressman Jim Langevin: Well that’s an interesting thought. I hadn’t heard that brought up yet but it’s something that perhaps we should look at. Certainly the hackers are pretty well known in the Intel world and I’m sure that the NSA is involved in rooting out these people but perhaps it’s time to look at some kind of more well known list of cyber hackers to be widely distributed.
ExecutiveBiz: Is there any law that Congress needs to pass from a statutory perspective to help the President in terms of executing his cyber security strategy?
Congressman Jim Langevin: Well I’m certainly considering legislation right now to codify what the President has introduced in his cyber policy review. I know there is Legislation pending in the Senate right now on the issue of cyber security. I think that whether it’s nation states, or rogue individuals or terrorist groups, they seem to be winning right now because of the amount of cyber penetrations we’ve experienced and the amount of data that has been exfiltrated, so this will be an ongoing multiyear, multibillion dollar effort that we are going to have to continue to be involved with nonstop.
ExecutiveBiz: Will Congress need to update FISMA to help deal with the cyber security challenge?
Congressman Jim Langevin: Well it’s important that we update our laws. FISMA was an important first step in securing our federal networks but that law is outdated and it needs to be reviewed. I know there is a review going on right now and we hope to have the proper updates in place so that Congress can address it and work on getting it passed.
ExecutiveBiz: What is something most people don’t know about cyber security in relation to what Congress is doing?
Congressman Jim Langevin: First of all we are involved in funding cyber security efforts on a pretty broad level right now but we need more Congressional oversight on the issue of cyber security and making sure that the Administration is getting this right. We are working with them in partnership to make sure that our cyber networks are secure. The Congress takes that very seriously, I take it very seriously and I’m going to continue to play a strong leadership role in making sure that we’re getting cyber security right by using the proper resources both now and in the future, including developing cyber expertise both in people and in our R&D efforts.