House Homeland Security Chairman Michael McCaul is sketching out his cybersecurity agenda for the next Congress, but he also has a more immediate goal in mind that could be beneficial to the Texas Republican if President-elect Trump nominates him to be secretary of homeland security.
McCaul has made clear he is interested in the job, but it remains unclear when the Trump team will announce a selection for the DHS post.
In the meantime, an aide says McCaul’s No. 1 priority in the lame-duck session of Congress is to secure passage of a Homeland Security Committee-passed bill that codifies certain DHS authorities in cyberspace.
To be sure, McCaul has been working on passage of that measure since long before the election, or even nomination, of Trump. But passage now would certainly be a nice benefit for Chairman McCaul should he become Secretary McCaul.
The Homeland Security Committee in June passed the DHS reorganization bill that would codify cyberactivities at the DHS National Protection and Programs Directorate, which would be renamed the Cybersecurity and Infrastructure Protection Agency.
“The mission of the agency shall be to lead national efforts to protect and enhance the security and resilience of the cyber and critical infrastructure of the United States,” according to the bill.
But the measure was also referred to the House Oversight and Government Reform, Energy and Commerce and Transportation and Infrastructure panels, which have raised a variety of issues. “It’s been like herding cats,” one source commented.
In particular, the legislation appears to be hung up by a jurisdictional dispute involving the House Oversight and Government Reform Committee, which is trying to “re-litigate” the DHS authorities spelled out in the Cybersecurity Act of 2015, according to one supporter of the McCaul legislation.
Last year’s law spelled out DHS’ role — much to the delight of the congressional homeland security committees — but the House oversight panel says much authority over the cyberdefense of federal networks still resides at the Office of Management and Budget.
OMB is within the oversight committee’s jurisdiction, unlike DHS, and successive oversight committee chairmen have battled fiercely with McCaul over the jurisdictional lines of authority.
At this stage, the House Republican leadership “is involved and needs to continue to play a role” in sorting out the dispute among the committees over the DHS bill, according to one congressional source.
It’s unclear whether that can happen during the lame-duck, but McCaul is pushing for it.
On McCaul’s broader cybersecurity agenda for the 115th Congress, the list begins with vigorous oversight of how the Cybersecurity Act of 2015 is being implemented, according to a congressional source.
Also on the list are “other steps to secure the .gov domain,” improving the cyberworkforce, and other issues, the source said.
And McCaul will examine cyberissues such as deterrence.
“What is the strategy to deter adversaries?” McCaul is asking, according to the source. “How do the pieces fit together at DHS, the Department of Defense, the FBI and others? How do these entities coordinate?”
On the Cybersecurity Act of 2015, “Oversight is going to be key” as DHS continues putting in place and using tools provided by the law, according to the source. McCaul “is calling for a new focus on implementation” in the coming year, the source said.
The 2015 law provides industry with legal protections to share cyberthreat indicators and clarifies DHS’ role and functions on info-sharing.
On cyberworkforce issues, McCaul intends to look at ways to “grow the [employment] pipeline at DHS, to make it easier for people to join DHS,” the source said.
McCaul also wants to look at ways the federal government can provide more assistance to state and local governments’ cybersecurity efforts.
McCaul is expected to formally lay out his cybersecurity and broader agenda in a “state of homeland security” speech in early December, according to a spokeswoman.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
