CYBER DEFENSE MEASURES

Sen. Ron Johnson (R-Wis.) said Wednesday that he was pushing for inclusion of measures meant to defend the United States against cyber threats in the upcoming annual National Defense Authorization Act (NDAA).

Johnson, the chairman of the Senate Homeland Security and Governmental Affairs Committee, said during a virtual committee hearing on cyber threats that he hoped to include a provision creating a federal national cybersecurity leadership position in the NDAA.

“We are working hard to get included in the NDAA so it can become law, there is the need to put someone in charge, a national cyber director,” Johnson said.

Lack of cyber leadership: There is currently no central federal leader for cybersecurity. The departments of Defense and Homeland Security (DHS), along with the intelligence community and the FBI, address cyber threats, but the Trump administration has lacked a central lead since the White House cybersecurity coordinator position was eliminated in 2018.

Johnson also voiced his support for including a provision that would give DHS’s Cybersecurity and Infrastructure Security Agency (CISA) the ability to subpoena internet service providers for information on vulnerabilities detected critical infrastructure networks. A House committee approved a bill around this issue in January.

“It’s a very necessary authority that CISA needs, and I am going to ask everybody on our committee to do everything, by hook or by crook, to hopefully get into the NDAA as well,” Johnson said.

Cyber commission recommendations: Both recommendations were backed by the Cybersecurity Solarium Commission (CSC), a group created by Congress in 2018 to evaluate the cyber risks to the United States. The group, which includes members of Congress and federal agency leaders, was charged with laying out recommendations on how to defend the nation against these threats.

The CSC submitted its report, which included over 75 recommendations on how to prevent a cyber doomsday scenario, in March as the coronavirus pandemic began to sweep the world.

Sen. Angus King (I-Maine), a co-chair of the commission, testified Wednesday that cyber threats were only “magnified” by COVID-19, as attempted hacks on healthcare and research groups involved in fighting the virus have spiked.

“We have to communicate that to our colleagues, that this isn’t something academic, this is coming at us, this isn’t something that may come at us, it’s coming at today,” King said, adding that the private sector is “being pinged millions of times a day by malicious actors.”