House committee advances bill that would give DHS cyber agency subpoena power

by Maggie Miller - 01/29/20 3:12 PM ET

The House Homeland Security Committee approved legislation on Wednesday that would give the Department of Homeland Security’s (DHS) cyber agency subpoena power and increase cyber protections for the nation.

The committee unanimously approved the bipartisan Cybersecurity and Vulnerability Identification and Notification Act, sending it to the full House for a vote. The bill would give DHS’s Cybersecurity and Infrastructure Security Agency (CISA) the ability to issue subpoenas to internet service providers that would compel them to release information on any cyber vulnerabilities detected on the networks of critical infrastructure groups.

Rep. Jim Langevin (D-R.I.), one of the bill’s sponsors and a key cybersecurity advocate in the House, said in a statement following the vote that the legislation would give CISA “the ability to say something when they see something.”

He added that “while CISA analysts work diligently to monitor and uncover risks, current policy impedes them in their efforts to warn at-risk critical infrastructure operators. There have been numerous instances where CISA has not been able to identify the owner of a vulnerable system and warn them of their exposure.”

Other sponsors of the bill are committee Chairman Bennie Thompson (D-Miss.), Reps. Cedric Richmond (D-La.) and John Katko (R-N.Y.) — the leaders of the panel’s cybersecurity subcommittee — and Reps. Sheila Jackson Lee (D-Texas) and John Ratcliffe (R-Texas).

The bill has a Senate companion sponsored by Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and Sen. Maggie Hassan (D-N.H.) that was introduced in December. The Senate committee has not yet taken up that bill.

The House committee on Wednesday also unanimously approved legislation that would create a set five-year term for CISA directors, with sponsors saying that uncertainty over leadership could occur without one.

“By establishing a set term limit of five years for the CISA Director position, my legislation will improve efficiency at the agency and provide certainty outside of the ad hoc appointments and varying term lengths that are currently in place,” Katko, who sponsored the bill alongside Langevin and Richmond, said in a statement.

The leaders of the House Homeland Security Committee noted that the bills marked up by the committee that applied to DHS agencies would likely be combined into an overall “authorization” package for DHS that will be introduced sometime in the next few months.

“In the coming months, we will be looking to the Senate to not only advance these measures but extend the authorization for DHS’ chemical security program and, in the spring, working with us on DHS authorization legislation,” Thompson said Wednesday.