At Committee Hearing, Portman Highlights Importance of Building a Robust Cyber Workforce and Passing Bipartisan Cybersecurity Legislation
WASHINGTON, DC - Today, at the Senate Homeland Security and Governmental Affairs Committee hearing, U.S. Senator Rob Portman (R-OH) questioned the Director of Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, Christopher Krebs, on what more Congress can do to ensure the cybersecurity division of DHS has the resources and personnel they need in order to protect against cyberattacks at the Federal, state, and local level.
Senator Portman has led efforts to address state and local cybersecurity threats as a member of the bipartisan Senate Cybersecurity Caucus. Bipartisan legislation introduced by Senators Portman and Hassan to bolster cybersecurity in the public and private sector, the Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act was signed into law as part of the final FY 2020 budget agreement last year. Senators Portman and Hassan’s bipartisan Hack Department of Homeland Security (DHS) Act and Public-Private Cybersecurity Cooperation Act were included in a package of bills that were signed into law in 2018.
Excerpts of his questioning can be found below and a video can be found here:
Portman: “Thanks for having the hearing, this is really important and timely given what’s happening. I saw the two GAO reports. It sounds like you feel as though you’ve now done what you need to do in terms of the election security recommendations they had in their report. Is that correct?”
Mr. Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency at DHS: “Yes sir, we released our strategic plan on Friday and if you take a look at it, by the way, it’s a pretty clean, polished document. This is not something I just rushed out. It was ready to go, this is the plan we’ve been operating against since next February so we have a very clear understanding internal to CISA and with our partners about what we’re trying to accomplish and we have had so for a year.”
Portman: “Alright, in terms of what you’ve talked about today, earlier you talked about some of the authorities you might be looking for. One that’s out there already, as legislation, is to codify or formalize the relationship between you and the State Information Sharing and Analysis Center, the MS-ISAC we’ve been talking about. That’s 1846, it’s passed the Senate already, I assume you’d like to see that get passed. Second is this legislation the chairman just talked about to give you the subpoena power to be able to go to the internet service providers, very important. On the state coordinator bill, are you openly supporting that, is the administration supporting that? You have said you want to push more expertise down to the state and local level and you’d like to have somebody in every state capitol.”
Mr. Krebs: “Yes sir, that is definitely a capability that we can benefit from. Additional resources out in the field, yes sir.”
“So, I think stepping back a little bit. First off, whether it’s the Boots on the Ground Act or the ability to direct-hire authority for certain positions, I think that those are paving the way for us to be more successful. I think we have some internal housekeeping to do in terms of the process from left to right. The entire hiring process, we’ve got some internal roadblocks that we’re working through right now that I’m confident in the next six months we’ll be able to make significant progress.”
"That is the cyber talent and management system."
“So that’s the Department of Homeland Security’s management office that’s taking point on that. My understanding is by fourth quarter this year they will be fully hiring against those billets. It is a reimagining of the civil service and so it is not an overnight process and it took, I believe, some rulemaking and other aspects to get it to where it needed to be. But we are not waiting for that. We do have direct-hire authority, plus we have retention incentives up to 25 percent for employees, similar to what some of the intelligence community and Department of Defense may have as well. So we’re taking full advantage of that and we have seen our attrition rate go down over the last year or so, so we are excited by that. But I’ve got to build up that base, so we are working with partners through the Scholarship for Service, through the Cyber Talent Initiative, where we can have the private sector play a role here. One of the things I’m really excited about it is where the private sector can play a role - again this is the Cyber Talent Initiative - where they can provide tuition assistance to students coming out of college as long as they serve two-plus years or so in the federal government and then they’ll have the opportunity to go out in the private sector. For me, that’s a good thing. So if I get somebody in and have them for two to four years and then they spin out into the private sector, that’s not bad. That’s good. That’s mean I’ve been able to train people up, I now have an alumni network out in the private sector. I don’t - I’m a small agency, I’m a young agency, not like the FBI - big and old. Not old, they’ve just been around longer than us. Not old, been around longer. They have an alumni network, I do not. I’ve got to be able to build this up so when somebody goes out to the private sector, they know how to work with us, they know what we can do. They know how to work with us so I’m really excited about some of these things that are coming down the pipe.”
“We also have tuition assistance capability but that’s a different - the Cyber Talent Initiative is a different program where the private sector takes over that piece - but I think this is the cybersecurity workforce and I think it’s been built, the gap has been built up a little bit, but this is truly one of those shared responsibilities where the private sector is going to benefit from supporting the federal government training the first four years of someone’s career, giving them the appropriate training and then spitting them out. I think it’s a win-win for everybody.”