Let’s pass cybersecurity legislation

A bipartisan group of members in Congress are advancing legislation on an issue that deserves all of our attention – cybersecurity.

Today our nation’s cyber networks are as much a part of the American homeland as our cities, farmlands, mountains, and coastlines.  They are where we shop, bank, work, play, learn, create and connect to family members.  They are indispensable to modern life in America – the very backbone of our 21^st century economy and a major nerve center of our national security.

{mosads}Cyberspace is a place of innovation and opportunity, and full of good people.  But it is also a place of risk and danger, where bad actors take advantage of security weaknesses to cause harm.  Cyberspace is vulnerable to an ever-evolving range of threats — from criminals to nation-state actors, ranging in purpose from identity and data theft to espionage and disruption of critical functions.  As our Nation’s reliance on cyber networks has grown, incidents which impact the safety and confidence with which we operate online have become increasingly commonplace.  You need not take my word for it.  On a regular basis, you read and hear about cyber incidents that occur in this country.  Moreover, chances are that every reader of this has, at one time or another, personally been the victim of a cyber breach. 

So, what are we going to do about it?  

The Department of Homeland Security protects the homeland.  This includes safeguarding our cyber networks.  However, in pursuing our cybersecurity mission, DHS has reached a point that requires the help of Congress.  Within the Federal government, existing statutory authorities are unclear, and worse, do not adequately reflect the Department’s role and responsibility for protecting the .gov network.  Beyond the government domain, some private companies can and do resist sharing information with DHS about cyber attacks on their systems, for fear of potential liability. 

Both the House and Senate have made real progress on cybersecurity legislation, but Congress risks adjourning before their good work has been signed into law.  While there may be objections to portions of each pending bill, there are also areas of strong consensus, with each generally advancing the homeland security mission in some important way – by codifying the cybersecurity responsibilities of the Department of Homeland Security, by making it easier for DHS and the private sector to work together to mitigate cyber-related vulnerabilities, and by enhancing the Department’s authority to hire cybersecurity talent.  One bill, H.R. 3696, the proposed National Cybersecurity and Critical Infrastructure Protection Act, has passed the full House thanks to the bipartisan leadership of Reps. Mike McCaul (R-Texas), Bennie Thompson(D-Miss.), and others.  The Senate Committee on Homeland Security and Governmental Affairs, led by Sens. Tom Carper (D-Del.) and Tom Coburn (R-Okla.), has also moved several bills out of committee on a bipartisan basis.    

All the bipartisan progress and hard work invested in cybersecurity legislation in this Congress should not go to waste.  In the few legislative days left, I urge Congress to, at the very least, pass the provisions of cyber legislation for which there is bipartisan consensus, while we continue to work on outstanding areas of disagreement.

Johnson, the fourth individual to be Secretary of Homeland Security, assumed office in December 2013.