Garbarino, Swalwell Send Bipartisan Letter to CISA Director Easterly on New ‘Systemically Important Entities’ Office

“CISA must have clear goals, objectives, and metrics to measure success in place at the outset.”

WASHINGTON, D.C. – Ahead of today’s Subcommittee on Cybersecurity and Infrastructure Protection’s hearing with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly, Subcommittee Chairman Andrew Garbarino (R-NY) and Ranking Member Eric Swalwell (D-CA) sent a bipartisan letter to Director Easterly requesting details on the goals of a new CISA program office, which seeks to identify the most vulnerable critical infrastructure entities across the country, and whether these goals complement, replace, or are duplicative to existing efforts already underway in the agency to identify and mitigate systemic risk.

Read more in The Washington Post here.

In the letter, the members wrote: “We write to inquire about the Cybersecurity and Infrastructure Security Agency’s (CISA) reported plans to establish a new program office to identify “systemically important entities” (SIE) by the end of September.”

The letter continues: “Given the vast scope of this initiative, and its similarities to other programs previously initiated, we request additional information on CISA’s proposed SIE designation efforts. Specifically, we request information on how these efforts complement or replace existing efforts to mitigate systemic risk to Section 9 entities, secure National Critical Functions (NCF), prioritize assets through the National Critical Infrastructure Prioritization Program, and maintain a National Asset Database. We also hope to understand how the National Risk Management Center (NRMC) and the proposed new SIE office will coordinate and deconflict efforts related to SIEs.”

The letter concludes: “CISA must have clear goals, objectives, and metrics to measure success in place at the outset. Last month, the Bank Policy Institute (BPI) formally testified in front of the subcommittee that, “Financial institutions are very supportive of efforts to identify and prioritize critical infrastructure assets that are most important to our national security. However, CISA should clarify what it intends to accomplish with a new designation and how it relates to existing efforts, including the Section 9 list, national critical functions and sector specific systemic risk designations like [systemically important financial institutions].” […] Government bureaucracy should not amount to increased risk for these entities. We intend to ensure all sectors, including financial services, are not tasked with duplicative designations and requirements with this proposed new program office.”

Read the full letter here.