Congress urged to overhaul how it oversees cybersecurity

Lawmakers are pushing Congress to overhaul how it oversees the nation’s cybersecurity, including by adding new committees dedicated to the issue.

The effort gained momentum after the hack of SolarWinds computer network management software, which roiled the federal government and served as a wake-up call about widespread vulnerabilities in U.S. computer networks.

The Cyberspace Solarium Commission began calling for new cybersecurity committees last year before the hack was made public.

Modeled on the Eisenhower administration’s secret Project Solarium to study options for confronting the Soviet Union during the Cold War, Congress created the Cyberspace Solarium Commission to develop a consensus approach to national cybersecurity policy. The commission includes lawmakers, private-sector experts and executive branch officials, including FBI Director Christopher A. Wray.

The massive SolarWinds hack, which hit an estimated 18,000 government and business systems, added urgency for the commission’s members, including Rep. Mike Gallagher, Wisconsin Republican.

“Just as we created the House Committee on Homeland Security in the aftermath of September 11, we need to take similar action to ensure that the federal government can take coordinated, swift action to protect our country from crippling cyber attacks,” Mr. Gallagher said in a statement. “The Cyberspace Solarium Commission’s recommendation to establish House Permanent Select and Senate Select committees on cybersecurity would help us cut through the red tape and jurisdictional fights that have hampered our ability to fortify America’s cyber defenses.”

House Democrats last week put Rep. James R. Langevin, Rhode Island Democrat, on the Solarium Commission, in charge of a new cyber and artificial intelligence subcommittee within the Armed Services Committee.

As head of the Intelligence and Emerging Threats and Capabilities Subcommittee, Mr. Langevin will have responsibility for electronic warfare policy, cybersecurity operations and forces, defense-wide research and development, computer software acquisition policy, and a host of other issues critical to the nation’s cybersecurity agenda.

Mr. Langevin’s new role is expected to make it more difficult for cyber policy to slip from lawmakers’ minds in the House.

The Senate has moved slower, partly because of the ongoing impeachment trial of former President Donald Trump.

“Congressional self-interest, broken committee structures, and uncoordinated cyber responsibilities across the executive branch helped create the mess that made the SolarWinds hack possible,” said Sen. Ben Sasse, a Nebraska Republican on the Solarium Commission. “Our response to the hack must take into account the inadequacies of the current working relationship between the two branches of government.”

Lawmakers’ fury at the government’s disorganized response to the SolarWinds hack spilled into public view this week when the Senate Select Committee on Intelligence published a letter ripping the intelligence community for failing to mount an effective government response to the attack.

Sens. Mark Warner, Virginia Democrat, and Marco Rubio, Florida Republican, told the heads of the FBI, National Security Agency, Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency that they “lacked the leadership and coordination” necessary to respond to the hack.

Mr. Trump’s National Security Council created a Cyber Unified Coordination Group of those agencies late last year in response to revelations that the hack hit several federal agencies, including the department of Treasury, Justice and Homeland Security, and parts of the Pentagon.

Mr. Warner and Mr. Rubio, the intelligence committee chairman and its top-ranking Republican, said they had “little confidence that we are on the shortest path to recovery.”

Just as the federal government’s disparate agencies are each responding to the SolarWinds hack in their own way, so have several congressional committees competed for jurisdiction for oversight of the government’s response to the hack. House and Senate committees on intelligence, armed services and Homeland Security are jockeying to review the government’s response to the hack.