Green, Garbarino Statement on the Release of the National Cybersecurity Strategy
WASHINGTON, DC— Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) and Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) released the following statement on the long-awaited release of the Biden administration’s National Cybersecurity Strategy.
“The Biden Administration has been promising a new National Cybersecurity Strategy for months now. President Biden has been slow to deliver on this promise leading to continued uncertainty and risk for our federal networks and critical infrastructure; therefore, we are pleased to finally see a Strategy. We appreciate the recognition of the threat from China, Russia, and other foreign adversaries and the need to go after perpetrators and enablers of cyber crime and shore up our defenses in the face of these malicious actors. The Strategy also rightly highlights the need for public-private collaboration and federal government coordination. We need strong leadership at the helm of our federal cyber defenses, and we hope the next National Cyber Director is up to the challenge.
“However, it’s no surprise that this Administration’s desire for more regulation, bureaucracy, and red tape is a consistent theme in the National Cybersecurity Strategy. While the Trump Administration’s National Cyber Strategy promoted open, industry driven standards, and risk-based approaches, the Biden Administration’s Strategy encourages agencies to regulate where they can and identify regulatory gaps where they want new authorities. The key to building trust with our private sector partners is employing harmonization across government, rather than encouraging disparate and competing efforts. We must clarify federal cybersecurity roles and responsibilities, not create additional burdens, to minimize confusion and redundancies across the government. We are concerned that while the Administration expresses their desire to harmonize, their actions have only encouraged or forced new regulations from multiple agencies – in contradiction of Congress’ clear direction through the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Biden Administration must prioritize streamlining existing regulations while working with the private sector to identify new opportunities for partnership, rather than punishment, particularly through their implementation of this Strategy.
“While this Administration has made some progress on the cyber front, there is still much to be done to strengthen our nation’s cyber resilience in the face of ever-complex foreign threats. In his Executive Order on Improving the Nation’s Cybersecurity (EO), Biden appropriately focused his Administration’s efforts on strengthening the posture of Federal Civilian Executive Branch (FCEB) network security and we are glad to see that also reflected in this Strategy. While we’re encouraged by some of the progress of the EO thus far, like the implementation of Zero Trust Architecture across the FCEB, most of what we’ve seen coming out of the White House, including this new Strategy, is a push for more red tape.
“As Chairmen of the Homeland Security Committee and the Cybersecurity and Infrastructure Protection Subcommittee, we plan to exercise strong oversight over the Administration’s operational implementation of the Strategy, particularly the requirements for the Cybersecurity and Infrastructure Security Agency (CISA). We are eager to see the implementation plan for this strategy, especially the planned efforts to hopefully ease the regulatory burden on industry while maintaining a strong cybersecurity posture. A strategy is meaningless unless properly implemented, thus we will maintain unwavering focus on CISA as the lead for federal cybersecurity and critical infrastructure resilience as they operationalize the Strategy.”