Congressman Sees Obama Plan as a StartLangevin: Proposal Lacks Cyber Leader Post, Tough Regulations
"It's an important first step," Langevin says. "We are going to work with the administration going forward to see what we need to do particularly to protect our critical infrastructure."
Langevin's proposed bill takes a more regulatory approach, saying he believes the administration has opted for "a collaborative approach, encouraging industry to do more in cybersecurity."
As Langevin sees it, the government's role is to ensure the adequate protection of the critical cyber infrastructure. When left to their own devices, many of the owners of privately run key IT systems would not take the appropriate steps to protect those systems that are crucial to the economy's and nation's well-being.
In an interview with GovInfoSecurity.com's Eric Chabrow, Langevin discusses the:
- Role regulation could play in assuring the securing of the nation's critical IT infrastructure.
- Increased responsibilities given to the Department of Homeland Security in executing government cybersecurity.
- Prospects for passage of comprehensive cybersecurity legislation in the 112th Congress.
Few lawmakers on Capitol Hill can claim to be as involved in initiatives aimed at safeguarding federal IT systems and the nation's critical IT infrastructure as Langevin.
Langevin co-founded the House Cybersecurity Caucus and co-chaired the Commission on Cybersecurity for the 44th Presidency, which issued a report that served as the foundation of President Obama's cyberspace policy.
President's Cybersecurity PackageERIC CHABROW: President Obama has unveiled his cybersecurity legislative package on May 12. What do you like about the President's proposal?
JAMES LANGEVIN: I like the fact that it is finally here. We've been waiting for a long time for the White House to clean its inter-agency review process and today I'm happy to see this administration come forward and show the legislative guidelines on us securing our critical networks and protecting our position as international leaders in cyberspace.
CHABROW: The President didn't propose an office of cyberspace in the White House with the Senate-confirmed director, something that you wanted. Was that a mistake on the President's part?
LANGEVIN: I would've liked to have seen stronger position establishing a stronger office of cyberspace in the executive laws with the director's position that was Senate confirmed, but we'll leave that issue for another day. The bottom line is we finally have some guidance from the White House. As we begin the process of drafting legislation to codify into law, we need to have both the authorities and the protections in place to make sure that we are protecting the American people and our cyber infrastructure from attack or misuse from those who would wish us harm.
CHABROW: It seems that the President in his proposal isn't taking many risks. We just talked about the cyberspace director's position not being named. From what I can see from my initial reading of the legislation, there aren't a lot of regulatory rules to be imposed on businesses that run the critical infrastructure. Is this a safe proposal?
LANGEVIN: It's an important first step. It's not an end of discussion; it's just the beginning of the discussion. We are going to work with the administration going forward to see what we need to do particularly to protect our critical infrastructure. In my bill, I took more of a regulatory approach. I think the government does have important roles to play in bringing that much further down the field to make sure that our cyber infrastructure and critical infrastructure are accurately protected. The administration has taken more of a collaborative approach, encouraging industry to do more in cybersecurity, but with not a whole lot of penalties or regulations to get us to the point where we probably should be. But we'll wait and see how that process unfolds and as we go forward we'll stir legislation. I'll see how we can improve upon where the President has started us today.
Cybersecurity RegulationCHABROW: You are in the house where a lot of the members of the majority don't like regulation on government. Do you think there is an exception with cybersecurity?
LANGEVIN: No. I think there are many colleagues on the Republican side who are going to be reluctant to impose regulation, but the bill that I've introduced I have a Republican co-sponsor, Congressman Roscoe Bartlett. I very much want to see this whole process as a public, private partnership. The more we can encourage industry to do more to secure itself the better. I use the airline industry as an example. I believe the owners and operators of the airline industry want to run safe airlines. I think that they want to get passengers to their destinations safely and on time, but those good intentions only get them so far. I don't think anyone would argue that we shouldn't have the FAA or the NTSB there to ensure an adequate level of safety to their process. As a result, we have a very safe airline industry, probably one of the safest in the world. I would have applied that same model to other areas of critical infrastructure. Good intentions only get you so far. Left to its only devices, private market would do something but I don't necessarily think they would do everything that they could be doing. That is where government has a role to play further down the field.
CHABROW: Last year, the House of Representatives under the Democrats did pass comprehensive cybersecurity legislation. The Senate didn't. This year, it seems that the Republicans in the House are saying that they would rather not see something comprehensive, maybe a variety of different bills. What do you think of the prospects of some significant cybersecurity legislation being enacted by Congress this year?
LANGEVIN: I think it is a very real possibility, although much of this hinges on the Senate. I hope that they can't. Signals show that they are very serious about passing this legislation, and I'm supportive of their efforts to try. If they pass a strong bill on their side to send over here, I would be glad to work to try to shut down the bill through the House and perhaps introduce the House contingent bill on our side. I'm going to continue to try to pass my bill on the House side again.
CHABROW: The FISMA reform element of the President's proposal puts a lot of authority with DHS. I know you wanted a White House cybersecurity director, but are you comfortable with so much power going to DHS?
LANGEVIN: DHS has a stronger role to play, but this isn't just about one department or agency. The reason I wanted it in the White House is so that person couldn't reach across governance from a policy and a budgetary standpoint. But it sure will be helpful if legislation is passed, co-defying who has primary responsibility for cybersecurity, and I'll do what I can to see that it is successful.
This is the first step in the process. There is a lot of work to be done going forward and I look forward to working both with the administration, as well as private industry, to make sure that we get this right.