2 Key Cybersecurity Lawmakers Will Not Seek ReelectionCyber-Focused Reps. Jim Langevin, John Katko Announce Congressional Retirement
In a span of just days, two prominent congressmen who have long championed cybersecurity at the federal level announced that they will not be seeking reelection in 2022.
Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., each of whom has sponsored key cybersecurity proposals in recent years, confirmed that they will be retiring from Congress, although several key cyber provisions remain on the agenda for 2022.
Langevin, who has served 11 terms in Congress over nearly 22 years, is a commissioner of the congressionally mandated Cyberspace Solarium Commission, whose recommendations were incorporated into the National Defense Authorization Act for fiscal year 2021. One of its accomplishments was the formation of the cabinet-level Office of the National Cyber Director, now occupied by Chris Inglis, former deputy director of the National Security Agency. Inglis serves as President Joe Biden's principal adviser on federal cybersecurity matters.
In a video announcement posted to Twitter on Tuesday, Langevin, chair of the House Armed Services Committee’s panel on cybersecurity, said, "I'm so proud of all that we've been able to accomplish together. I have led the efforts in Congress to strengthen cybersecurity, and prepare our nation for the threats of the 21st century. … Now, I've not come to this decision lightly. But it's time for me to try out a new course, which I hope will keep me closer to home and allow me to spend more time with family and friends."
Cybersecurity officials who have worked with Langevin say his absence in Congress will be felt.
"Jim Langevin has been the most productive legislator over the past decade, and his work on the House Cybersecurity Caucus and the Cyberspace Solarium Commission only scratch the surface on the blocking and tackling he has done to move legislation on the Hill," Mark Montgomery, executive director of the Cyberspace Solarium Commission and a former policy director for the Senate Armed Services Committee, tells Information Security Media Group.
Years of Success
In 2008, Langevin co-founded the House Cybersecurity Caucus, which he co-chairs. In 2009, he appeared on "60 Minutes" to discuss the relation between cybersecurity and national security, highlighting a need to protect U.S. infrastructure.
As a commissioner for the Cyberspace Solarium Commission, launched in 2019, Langevin and his colleagues issued a comprehensive cybersecurity report in March 2020, and dozens of recommendations were implemented into the NDAA for FY 2021. The commission proposed a strategy of layered cyber deterrence and issued more than 80 recommendations to implement it. The strategy's main pillars included reforming the government's cybersecurity structure, strengthening norms and nonmilitary tools, promoting national resilience, reshaping the cyber ecosystem and operationalizing cyber collaboration with the private sector.
The congressman has also advocated for a stronger central cybersecurity agency, and that has been realized through supplemental authority granted to the Cybersecurity and Infrastructure Security Agency, which can subpoena internet service providers regarding cyberthreats and carries threat-hunting capabilities for federal networks.
"The bipartisan support that cybersecurity enjoys has been so critical to our legislative success," Langevin tells ISMG. "Almost every major accomplishment has happened with substantial bipartisan backing. Hackers don't discriminate between Democrats and Republicans, and there's nothing partisan about making the necessary investments in cyber to meet the challenges of the 21st century."
Work to Be Done
While Langevin's accomplishments are many, there are several outstanding cybersecurity items on the agenda for 2022, including getting a mandatory incident reporting mechanism across the finish line. The provision was cut from the annual defense spending bill in December, reportedly after Sen. Rick Scott, R-Fla., introduced a Senate amendment to the bill that limited the scope of reporting requirements for businesses (see: Cyber Incident Reporting Mandate Excluded From Final NDAA).
Lawmakers hoped to have a bill addressing mandatory incident reporting for critical infrastructure providers on Biden's desk on the one-year anniversary of the SolarWinds software supply chain attack that affected 100 organizations globally and nine federal agencies. Key lawmakers intend to pursue the matter in 2022 - likely with a 72-hour window, with 24 hours for any ransom payments.
Langevin has also been a proponent of increased cross-sector collaboration and has continued to recommend codifying a "joint collaborative environment" - a shared cloud for real-time data sharing.
Other top cybersecurity officials continue to praise Langevin's work advancing cybersecurity matters on the Hill.
"Rep. Langevin is one of the most unsung heroes in the legislative branch," says Charles Garzoni, former cyber incident coordinator for the FBI and former director of the defensive strategy for the Solarium Commission. "Langevin was really the key figure for execution of the over 80 cyber recommendations to the president and Congress. I feel he was the most prolific commissioner. … He's been involved with cyber issues for many years, and his experience really honed his ability to represent the cyber community in the commission's legislative processes."
Garzoni, currently the senior director of defense operations for the managed care company Centene, adds, "When Langevin spoke during commission meetings, the other commissioners generally followed his advice or took action on his comments. His work was always bipartisan and he had the nation's best interests in mind. … He was widely respected, and he will be sorely missed in the cyber community."
Katko to Leave Congress
On Friday, John Katko, a New York Republican, announced he will not seek reelection for a seat he has held since 2015. In a statement, he said: "After 32 years of public service, I have decided not to seek r-election to Congress, so that I can enjoy my family and life in a fuller and more present way."
Katko also said he remains proud of "leading efforts to secure our homeland and keep this country safe," and that "representing Central New York in Congress - solving real problems and relentlessly championing bipartisanship - has been the honor and privilege of a lifetime."
Katko has been the ranking member of the House Homeland Security Committee since 2020, and prior to that he was the top GOP member on its cybersecurity subcommittee.
In 2021, Katko co-sponsored a bill that, according to an October statement, would "help establish a transparent process for designating SICI [systemically important critical infrastructure] and directs [CISA] to prioritize meaningful benefits to SICI owners and operators without any additional burden."
The Cyberspace Solarium Commission's Montgomery says, "I am certain that 2022 will be a capstone year for cyber legislation, as [Langevin] completes some of his most challenging work - particularly the Joint Collaborative Environment … and a provision on Systemically Important Critical Infrastructure.
"But his leadership will be greatly missed in 2023 after his well-deserved retirement from Congress, although I suspect he will find another avenue to impact the cybersecurity field pretty rapidly."
Garzoni, who was also a regional superintendent for the Air Force Office of Special Investigations, says that Rep. Mike Gallagher, R-Wis., co-chair of the Solarium Commission, may "take up Langevin's mantle in the future," which will be a "boon for the legislative branch."
[Update: Jan. 20, 9 a.m.] - This story has been updated to include comments from Rep. Langevin.