The House Homeland Security Committee today voted to approve two bills important to the Cybersecurity and Infrastructure Security Agency (CISA) and its leadership and legal authorities.
The first bill approved is the CISA Director Reform Act (H.R. 5679), which would amend the Homeland Security Act of 2002 to limit the term of the CISA Director to five years. H.R. 5679 was introduced on Jan. 27 by Rep. John Katko, R-N.Y., and is cosponsored by Reps. Cedric Richmond, D-La., and James Langevin, D-R.I.
Rep. Katko said at today’s committee mark-up session that the legislation would help limit turnover within the position, and “attract top talent” to the post. Rep. Langevin remarked that he would like the position to be removed from the political push and pull of Washington by not being a political appointment.
The second bill cleared by the committee is the Cybersecurity Vulnerability Identification and Notification Act of 2020 (H.R. 5680), which would give CISA the “necessary legal tools to notify entities at risk of cybersecurity vulnerabilities in the enterprise devices or systems that control critical assets of the U.S., and for other purposes.”
More plainly, the bill would give the CISA Director subpoena authority to produce information to identify and notify at-risk entities in order to carry out cybersecurity purposes. The Director would also have to make “reasonable efforts” to identify at-risk entities before issuing a subpoena.
H.R. 5680 was also introduced in the House on Jan. 27 by Rep. Langevin, with Rep. Katko and Rep. Richmond signing on as cosponsors of the bill. They were joined by additional cosponsors Rep. Bennie Thompson, D-Miss., and Rep. Sheila Jackson Lee, D-Texas.