In January, Congress will lose two cybersecurity champions, with both Rep. Jim Langevin and Sen. Rob Portman retiring after the midterm elections.
Both Langevin (D-RI) and Portman (R-OH) have long focused on improving the nation’s cybersecurity stance and have pushed legislation to fix major problems.
While there will continue to be many members of Congress interested in cybersecurity, Langevin and Portman “have been important voices in Congress when it comes to cybersecurity, and their retirements will leave a big hole in the cybersecurity landscape,” said John Nakata, a technical specialist at IBR, an investing educational website.
“Congress still has a long way to go when it comes to cybersecurity, but the work that Rep. Langevin and Sen. Portman have done will help to pave the way for future legislation,” Nakata told the Washington Examiner.
The two lawmakers were among the leading voices to push for lawmakers to work across the aisle on cybersecurity issues, added Tom Kellermann, a senior vice president of cyber strategy at Contrast Security.
“Due to their bipartisan efforts, cybersecurity is now seen as a patriotic imperative rather than a political football,” Kellermann told the Washington Examiner. “Our nation will miss their leadership.”
Both lawmakers have sponsored several cybersecurity bills, and here are some career highlights.
Langevin:
- He co-founded the Congressional Cybersecurity Caucus in 2008 and has served as the co-chairman since then. The group has pushed for stronger cybersecurity laws and more funding.
- He sponsored the Cybersecurity Act of 2015, which would have created a voluntary program for companies to improve their cybersecurity. It also would have provided resources to the Department of Homeland Security to help them protect critical infrastructure. The bill didn’t pass but provided a blueprint for future efforts.
- Langevin also co-founded the Center for Strategic and International Studies’s Commission on Cyber Security for the 44th Presidency, which sent several policy recommendations to the Obama administration.
- He was “integral in dramatically increasing the authorities and funding” for U.S. Cyber Command and the Cybersecurity and Infrastructure Security Agency, Kellermann noted.
Langevin himself points to the recent creation of the Office of the National Cyber Director as a career highlight.
“For the first time, we have a Senate-confirmed cyber adviser to the President who can provide a nexus for cybersecurity leadership in the White House,” he said. “Chris Inglis is the perfect person to be the inaugural national cyber director, and I’m thrilled with what he has been able to accomplish in just over a year on the job.”
He also noted that Congress has made huge steps forward in cybersecurity in the past 20-plus years. “When I was first elected in 2000, the [National Defense Authorization Act] didn’t even mention the words ‘cyber’ or ‘internet,’” he said. “Now, this year’s NDAA was the second in a row to include an entire title devoted to cyberspace-related matters.”
Portman highlights:
- In September, he co-sponsored a bill, the Securing Open Source Software Act, designed to mitigate vulnerabilities in open-source software by directing CISA to evaluate how open-source code is used by the federal government. It also would task CISA with providing guidance on how to secure open-source software to federal agencies.
- Earlier this year, Portman released a report that described how three U.S. companies were targeted by the ransomware group REvil. The report recommended how federal agencies and other groups could protect themselves against ransomware attacks.
- This year, he co-sponsored the bipartisan Strengthening American Cybersecurity Act, a wide-ranging bill ordering critical infrastructure owners and operators, as well as civilian federal agencies, to report substantial cyberattacks to CISA. Critical infrastructure owners and operators would also have to report ransomware payments to the agency, and it focuses on modernizing the government’s cybersecurity posture.
- Portman’s fingerprints are “all over” the latest NDAA, said Richard Gardner, the CEO of Modulus, a financial tech and artificial intelligence vendor. He fought to create a pilot program to explore how AI can improve intelligence software, and he proposed a measure aimed at better sharing of cybersecurity data between the executive and legislative branches, Gardner noted.
Despite these accomplishments, Congress has more to do, Langevin said. The Cyberspace Solarium Commission, which he has served on, made several recommendations after it was stood up in 2019. One priority is to increase cybersecurity funding, and another is to enable better collaboration between the federal government and operators of critical infrastructure, he said.
Another top goal is to create a so-called joint collaborative environment, included in this year’s NDAA, which would “create a common, interoperable toolset for the federal government and key private sector companies to share and analyze cyber threat information together in real time,” he said.
