As he begins his final year in Congress, Rep. Jim Langevin (D-R.I.) said Wednesday he is focused on moving forward legislation to lock in intelligence sharing obligations between the U.S. government and large companies operating the country’s critical infrastructure sectors.
Langevin said he plans to introduce a bill soon that would set a “social contract” establishing collaboration requirements and benefits for entities designated “systemically important critical infrastructure” (SICI), to bolster the ability to defend against cyber attacks.
“It’s focused on those companies that are so large and so important to the national and economic security of the United States that if they went down it wouldn’t just be the company having a bad day but the entire country having a bad day. Think of a whole sector of the country’s electric grid going down, just by way of example,” Langevin said.
Langevin, a member of the House Homeland Security Committee and its Subcommittee on Cybersecurity and Infrastructure Protection, said it’s likely around 100 companies meet the SICI designation, such as those that run banks or electrical utilities, and includes those large enough to have the capacity to provide actionable intelligence to the federal government with the resources to act on critical vulnerabilities.
“The number of those companies are very small but the impact would be large,” Langevin said. “It’s better that we start with the larger companies and then work down from there. Recognizing, of course, that we’re only as strong as our weakest links so we can’t ignore the medium and small companies. But, we start with the larger companies and we can build out from there.”
Reps. John Katko (R-N.Y.) and Abigail Spanberger (D-Va.) previously introduced a bill this past fall that would direct the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to establish an open process, driven by stakeholders, to designate large firms as SICI entities (Defense Daily, Oct. 5).
Langevin said he is also looking to introduce a bill that would further efforts to develop a CISA-led Joint Collaboration Environment, where the government and private sector entities can securely collaborate and share information.
Separately, Langevin said he is interested in legislation that would create a Bureau of Cyber Statistics to quantify which methods are most effective for bolster cyber security and deterrence of critical systems.
“Right now, we don’t have any good data to really give us good information about where individuals and companies should be spending their next cyber security dollar. We have a good idea, a good sense, of what we think is important, things like two-factor authentication, encrypting data and such, but we want to have hard data. That will help both government and industry to know what’s working best and what’s not,” Langevin said.
Langevin, who is also the second-ranking Democrat on the House Armed Services Committee, announced last month he will not seek reelection in 2022 (Defense Daily, Jan. 18).
“I’ll be actively and aggressively working on cyber issues right up through the end of my term,” Langevin said Wednesday.