Bipartisan House group introduces legislation to set term limit for key cyber leader

A group of bipartisan House lawmakers rolled out legislation this week to put in place a term limit for the director of the Cybersecurity and Infrastructure Security Agency (CISA) in the wake of escalating cybersecurity incidents and turmoil in agency leadership last year.

The CISA Cybersecurity Leadership Act would establish a five-year term for the CISA director position, and reaffirm that the position is presidentially nominated and Senate approved. 

The bill was introduced less than a year after former CISA Director Christopher Krebs, the first individual to hold the position, was fired by former President Trump for CISA’s efforts to push back against election-related disinformation and misinformation. 

Krebs’s departure alongside several other top agency officials left CISA without Senate-confirmed leadership until July, when the Senate unanimously confirmed Jen Easterly as the new director of CISA. 

The legislation is sponsored by a group of key cybersecurity leaders in the House led by Rep. Andrew Garbarino (R-N.Y.), the ranking member of the House Homeland Security Committee’s cybersecurity subcommittee. 

“The current threat landscape is ever changing and expanding to include a multitude of cyber risks. We must evolve along with it to be best prepared to mitigate these threats,” Garbarino said in a statement Tuesday. “With cyber attacks on the rise, CISA, the lead federal civilian cybersecurity agency for the United States, needs consistent and stable leadership presiding over our nation’s cyber preparedness.”

“This bipartisan bill will remove any uncertainty from the CISA Director role so that the Director can focus squarely on strengthening our cyber posture,” he said. 

Other sponsors include House Homeland Security Committee Chairman Bennie Thompson (D-Miss.), ranking member John Katko (R-N.Y.), cybersecurity subcommittee Chairwoman Yvette Clarke (D-N.Y.), and Reps. Jim Langevin (D-R.I.), Mike Gallagher (R-Wis.) and Ralph Norman (R-S.C.). 

“Cybersecurity isn’t a partisan issue,” Thompson and Clarke said in a joint statement Tuesday. “As the cyber threats facing the nation continue to evolve, we need steady leadership at the Cybersecurity and Infrastructure Security Agency. We are proud to work with Ranking Member Garbarino on this important legislation and look forward to working with him to get it across the finish line.”

The bill was introduced in the wake of months of major cyber incidents impacting both the U.S. government and thousands of businesses. These have included the SolarWinds hack, which compromised nine federal agencies for most of last year and which U.S. intelligence agencies linked to the Russian government. 

Other incidents have included ransomware attacks on critical groups such as Colonial Pipeline and meat producer JBS USA. Attacks on both groups by Russian-linked cybercriminal groups in May put key supply chains at risk, and prompted President Biden to bring up ransomware attack concerns with Russian President Vladimir Putin when they met in person in June. 

CISA bills itself as the “nation’s risk advisor,” and is tasked with helping secure critical sectors against cyberattacks, including elections. 

“As our nation faces the most dynamic and complex cyber threat landscape in history, we need stable leadership at the helm of CISA,” Katko said in a statement Tuesday. “I commend Ranking Member Garbarino for his leadership of this important bipartisan effort. We will continue working together to ensure CISA has the resources, workforce, and authorities it needs to effectively carry out its mission.”