McCaul Calls for DHS Reform, U.S. Cybersecurity Revamp

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Prioritizing U.S. cybersecurity responsibility under the DHS is one of House Committee on Homeland Security Chairman Michael McCaul’s main priorities, the Texas Republican told Bloomberg BNA.

McCaul’s efforts may help companies untangle the sometimes confusing array of federal departments and agencies when deciding where they should turn for help when a cyberattack strikes, and help alleviate uncertainty about how President-elect Donald J. Trump will address the issue. In any event, companies should be prepared for continued efforts to encourage cybersecurity threat information sharing with the government.

As it stands now, in the event of a cyberattack or other network intrusion on a U.S. company the Federal Bureau of Investigation, the National Security Agency, the Central Intelligence Agency, the Department of Homeland Security and even the U.S. Army may get involved depending on the specific threat actor, Rob Wilson, founder and CEO of corporate encryption company Secured Communications LLC in Los Angeles, told Bloomberg BNA.

McCaul said that “streamlining our domestic cyber efforts into a single, strong cybersecurity agency at the” DHS is a “top priority” throughout 2017. The refocus of domestic cybersecurity will help the DHS protect companies and U.S. citizens from debilitating cyberattacks, he said.

Domestic Cybersecurity Agency

Even within the DHS, there are several components that address domestic cybersecurity, including the office of the secretary, the Secret Service and offices focused on international issues.

In 2016, McCaul introduced the DHS Reform and Improvement Act, H.R. 6381, which called for a centralized domestic cybersecurity and infrastructure protection agency within the DHS. The bill would have created a centralized cybersecurity agency to “lead national efforts to protect and enhance the security and resilience of the cyber and critical infrastructure.”

Although the measure stalled in the House Subcommittee on Biotechnology, Horticulture and Research, McCaul said he is poised to reintroduce the legislation in the next Congress.

Wilson, whose company provided encryption technology for the third 2016 presidential debate, said that the fact that a DHS reform and cybersecurity measure has been referred to at least 11 House committees and subcommittees shows that there are “too many cooks in the U.S. cybersecurity kitchen.”

The U.S. lacks a “clear voice” in domestic U.S. cybersecurity policy and that should rest with the DHS, he said.

But Cindy Cohn, executive director at digital rights advocacy group the Electronic Frontier Foundation, told Bloomberg BNA that digital security issues should “flow across many government agencies.” However, U.S.-based cybersecurity shouldn’t solely fall into the hands of the government, she said.

Information Sharing Focus

McCaul was also instrumental in getting the Cybersecurity Information Sharing Act (CISA) implemented as part of the Consolidated Appropriations Act.

CISA protects companies that share cybersecurity “threat indicator or defensive measure” with the government. Under CISA, private entities that “promptly” share their data with the government are granted immunity from any public or private cause of action.

The DHS is the best agency to continue oversight of the information sharing program because it is in the position to “address cybersecurity threats and facilitate information sharing between the government and private industry,” McCaul said.

The House homeland security panel chief said that he’ll continue to use his committee to oversee the information sharing initiatives because “if no one shares data, everyone is less secure and intrusions go undetected.”

A spokesman for House Committee on Homeland Security Ranking Member Bennie Thompson (D-Miss.) previously told Bloomberg BNA that the congressman supports continued oversight of the DHS to “ensure that the authorities and resources are being utilized in ways that enhance cybersecurity in the federal government and private sector.”

Cohn said that although cybersecurity threat information sharing may help companies combat cyberattacks, the program needs to be more transparent. Without more status reporting by the government, U.S. citizens may never know what kind of consumer data is being shared and whether the information is being used for proper purposes, she said.

Can New DHS Secretary Curtail Cyberattacks?

Trump recently named retired Marine Corps Gen. John Kelly as DHS secretary. Kelly must still get Senate approval before he can take over the reins of the DHS from Secretary Jeh Johnson.

Although Kelly doesn’t have a strong cybersecurity background, he made progress in “strengthening regional cyber defense and information operations capabilities,” according to a 2014 House Armed Services Committee testimony.

McCaul, who serves as a Trump transition team adviser, said that “Kelly is a strong leader with an in-depth knowledge about the most crucial homeland security issues facing the United States.” It is imperative that when the U.S. faces “grave dangers from terrorists to cyber criminals” that there is a “steady, decisive Secretary at the helm.”

McCaul, whose name was floated as a possible pick for DHS secretary, said he looks forward to working with Kelly on “cybersecurity and other key homeland security issues.”

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.