A House insider's view of U.S. cybersecurity policy
Rep. Yvette Clarke shares her perspective as chairwoman of the House Homeland Security subcommittee on Emerging Threats and Cybersecurity
Rep. Yvette Clarke (D-N.Y.) has seen a lot of changes during her relatively brief tenure as chairwoman of the Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee.
Since she was named chairwoman in February 2009, new officials have been tapped to lead the Homeland Security Department’s computer security efforts, President Barack Obama gave a high-profile speech on cyber threats, and the White House appointed a new cybersecurity coordinator. On Capitol Hill, lawmakers have introduced a slew of cybersecurity-related bills.
Clarke's subcommittee has jurisdiction over DHS, a primary player in federal cybersecurity efforts. However, questions continue to swirl over the role that DHS should play in overall federal computer security efforts.
FCW reporter Ben Bain sat down with Clarke recently in her office to discuss these developments and get a better idea of what makes the congresswoman from Brooklyn tick.
FCW: What do you see as your biggest accomplishments as subcommittee chairwoman?
Clarke: I think we’ve picked up a lot more momentum in this year going directly at [DHS’s] Science and Technology Directorate (S&T). We felt that with our [S&T] authorization act this year,...we would sort of help shape the expectations around what that directorate can do and should produce, and I think that that adds some momentum to the work that we’ve been trying to get done through [the subcommittee].
FCW: How do you see DHS fitting into the larger construct of federal cybersecurity?
Clarke: DHS still has the coordinating role, but with an exclamation point.… There’s so much space out there…the Defense Department, they have a role to play, the Energy Department has a role to play, even the Agriculture Department has a role to play.… Of course, our financial systems are always challenged, so Treasury has a role to play. All the regulatory entities have roles to play. So for DHS, it’s about how do you sort of keep your finger on the pulse of all of these areas and then determine where best practices are emerging that can be applied in some form or fashion to other areas where we might not see as much strength.
FCW: What level of coordination do you have with other committees that deal with cybersecurity, such as Intelligence and Defense, and are you moving toward some type of legislation?
Clarke: We’ve actually got scheduled a meeting of all subcommittee chairpersons who have some form of connection to cybersecurity. If we’re asking DHS to coordinate with all of the agencies, then it stands to reason that having oversight, we should also do that level of coordination and collaboration with our colleagues in the House. I think it’s not worth it to get into a big fight over jurisdiction.
FCW: Are there legal or statutory gaps that you think need to be filled by new laws?
Clarke: There are quite a few. The challenge is, how do you legislate something that’s constantly morphing? We’ve had some conversations with folks in the private sector, and they do have some really good ideas about how you set standards. I think that that may be the closest that we can come to, in certain respects, to legislating. It’s really setting a bar for what security should be like and what our expectations are. But that doesn’t mean people can’t get around that.… The feedback I’m getting from the private sector is that a lot of [the legislation that’s been proposed] is not meeting the mark. So I’m not letting [the private sector] necessarily dictate, but I’m certainly being informed by where they see the loopholes are in the legislation. And they’re saying that, to a large extent, it’s not a one-size-fits-all [solution].
FCW: Are you saying that the broad approach to cybersecurity legislation might not work?
Clarke: It’s going to address some of the concerns that we have. But again, I’m finding that the pushback is that [we shouldn't] regulate to the extent it impedes innovation. It impedes commerce in ways that are unintended consequences of that type of regulation.
FCW: Do you think it’s possible to pass some kind of comprehensive legislation, such as the bill that has been proposed by Sens. John Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine)?
Clarke: It probably is [possible]. But again, to a large extent, we’re going to have to take a real cue from the private sector and understand their business intimately enough to create the nuances for innovation to continue while providing the protections and securities that we need to keep our nation safe.
FCW: Is the Rockefeller/Snowe proposal that’s being considered in the Senate something you think the House would be OK with?
Clarke: There are still some unintended consequences within the bill that we don’t have a good sense of at this stage. But I think that it’s a good starting point, and we’re going to have to start somewhere. So there is room for negotiation and modification of the bill.
FCW: Does the House leadership have interest in passing some kind of comprehensive cybersecurity legislation?
Clarke: This is not rising to the top at this moment. But certainly I think there’s a case to be made for it. There has been a real commitment to homeland security, and I think that my colleagues, given all of the roundtables and “cyber flu shots” that we did on the Hill last year, are much more in tune with how real this threat is, including the leadership. So I would anticipate real support for comprehensive cybersecurity legislation as long as it’s well thought out and it provides real protections to the American people.
FCW: Are you currently working on comprehensive cyber legislation?
Clarke: We’ve asked the Government Accountability Office to look at a couple of areas, and we’re hoping that based on the outcomes of those inquiries, we’ll have the grounds on which to do that. We’ve had them look at critical infrastructure protection, global cyberspace governance…assessing public-/private-sector research and development needs, federal cyber efforts with the smart-grid implementation…and, of course, the implementation of Melissa Hathaway’s 60-day cyberspace policy review.
FCW: Are you satisfied with what the Obama administration has done so far, especially with the appointment of Howard Schmidt as the White House’s cybersecurity coordinator?
Clarke: That’s certainly a move in the right direction. I look forward to sitting down with Howard to see what his assessment of things is at this stage. I’m sure that he is reviewing where folks are in the 60-day cyberspace policy review as well.... I think that he has to take a very aggressive role in getting the type of collaboration that needs to take place.
FCW: What’s your impression of the cybersecurity leadership at DHS?
Clarke: I think it still remains to be seen. This is a new administration, and this is a vast area that we have to cover almost simultaneously. You have the deployment of the smart grid happening, while the financial sector is constantly being attacked, the dot-gov is constantly being attacked, intellectual property is being siphoned away on a regular basis. Again, it remains to be seen. I’m giving folks the benefit of the doubt, but we’ll be having some hearings shortly around these five areas that I’ve outlined, and that’ll give me a better sense of where the weakness is, if any exist.
FCW: What are your goals as chairwoman of the subcommittee?
Clarke: I’d like to see [Schmidt’s] role develop even more because I think that the White House has to have the authority resident there to make everyone respond to any threat that becomes imminent [or] that could do irreparable harm to our nation, and that all of the players — from private sector to government to individuals — have confidence in that person’s ability to command that level of authority. So that’s going to be a coming-of-age scenario.
Editor's note: This interview was edited for clarity and space.