Administration renews call for cyber legislation

Shutterstock image: the Capitol Building in autumn with orange leaves. 

With Congress back in session this week, top officials at the Department of Homeland Security have renewed their calls for lawmakers to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks.

In a Sept. 9 op-ed in The Hill newspaper, DHS Secretary Jeh Johnson said there is only so much his agency can do to carry out its cybersecurity mission without firmer legal authorization. "Within the federal government, existing statutory authorities are unclear, and worse, do not adequately reflect the department's role and responsibility for protecting the .gov network," he wrote.

DHS’s statutory authorities are limited in the sense that the department relies on the Homeland Security Act of 2002 for its legal mandate to deal with cybersecurity, according to Larry Zelvin, who stepped down last month as head of DHS’s National Cybersecurity and Communications Integration Center, a 24/7 hub for monitoring cyber threats.

The House passed three measures July 28 designed to boost information sharing, advance cyber technologies and improve the DHS cybersecurity workforce. One of those bills, sponsored by Homeland Security Committee Chairman Michael McCaul (R-Texas) would give DHS some of the codified authority it is looking for by strengthening NCCIC.  

The Senate has been slower to act, but Johnson said he is convinced that Congress can rally around "areas of strong consensus" to pass cybersecurity legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent. 

A day after Johnson’s op-ed was published, Suzanne Spaulding, DHS undersecretary for the National Protection and Programs Directorate, hammered the point home in testimony before the Senate Homeland Security and Government Affairs Committee. 

"While both the cybersecurity threat and the nation’s dependence on cyber infrastructure has grown exponentially, the legal framework, particularly regarding the articulation of the department’s authorities, has not kept pace," Spaulding said, adding that "legislative action is vital."

Some lawmakers have expressed a sense of urgency to act before the end of the 113th Congress.

"If we don't do it between now and the end of year, and it's thrown over to the next Congress, the House is going to have a new influx of members, the Senate’s going to have a new influx of members," Georgia Republican Saxby Chambliss, the retiring vice chairman of the Senate Intelligence Committee, said in June. "The balance of power may change, and you’re looking at a year from now and I’m betting you nothing would be done."

He was specifically referring to an information-sharing bill he co-sponsored with Sen. Dianne Feinstein (D-Calif.), which the Intelligence panel approved in July.

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.