Info Sharing and Securing Critical Infrastructure Top Key Congressman’s Cybersecurity Priorities – Nextgov
Congress is taking the issue of cybersecurity very seriously and using the tools at its disposal to boost the nation’s ability to defend itself in cyberspace.
Rep. James Langevin, D-R.I., is one of the most tech-savvy members of Congress. He is a senior member of the House Armed Services Committee, where he chairs the Cyber, Innovative Technologies, and Information Systems Subcommittee, sits on the Homeland Security Committee, co-founded and chairs the Congressional Cybersecurity Caucus, and served on the Cyberspace Solarium Commission.
Those credentials support his opening comment to the CyberNext DC conference on Nov. 18: “Cybersecurity is one of the major economic and national security challenges of our time. It’s been that way for a while, and it’s not going away.”
Langevin cited the increased visibility and impact of ransomware attacks as a reason that “my colleagues see an urgency for new legislation now, in a way that wouldn’t be possible a few years ago.”
One of his priorities is legislation to create a Joint Collaborative Environment, or JCE, one of the key recommendations of the Solarium Commission. He said language to create the JCE will be “codified” in this year’s National Defense Authorization Act.
“We talk a lot in Washington about enabling information [sharing],” he said. “In practice, entities must be able to make sense of what’s coming forward across the ecosystem. JCE would address this need—a common toolset for public and private stakeholders on cybersecurity risks [such as] malware.”
In addition, Langevin suggested, there are a small number of major companies in the U.S. that should be considered “systemically important critical infrastructure,” or SICI entities, that “should receive certain special benefits but also have certain special obligations.”
The two criteria that determine a SICI enterprise are, first, that the entity’s operations must be highly important to the country. “If hit, would the company just have a very bad day, or would the country have a bad day?” Langevin explained. Second, the company must have a baseline level of cybersecurity maturity that enables them to assist in their own defense, he said.
“In cyberspace, these companies are on the front line, so the federal government must act in a supporting role—not something that we’re used to,” Langevin said. As for the special obligations and benefits, he said that might include defined levels of cybersecurity control to ensure they are properly securing their systems, and in return they might be given “certain liability protections” should they be attacked. “Perfect cybersecurity is unobtainable … Those SICI entities who followed all the recommended steps should …….