McCaul Announces Legislative Plans Amid Anticipation Over Trump's Cyber EO
House Homeland Security Committee Chairman Michael McCaul, R-Texas, touted progress Thursday on several upcoming cybersecurity bills, including legislation to reorganize the Department of Homeland Security’s National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Protection Agency. McCaul and other officials separately noted during a Thursday CTIA event the potential for President Donald Trump’s delayed cyber executive order (see 1701310066 and 1702280065) to shape policymaking on the issue, including the order’s growing association with an ongoing effort to modernize federal IT systems.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
McCaul said he plans to file a stand-alone bill on NPPD reorganization “soon” rather than attach it to general DHS reauthorization legislation, as he attempted last year in the scuttled DHS Reform and Improvement Act. McCaul said he believes he has Trump’s backing for the NPPD reorganization given White House officials’ recent “technical assistance” in tweaking the bill, which would elevate DHS’ cybersecurity mission. The Trump administration’s support “could greatly enhance our efforts,” McCaul said. He pointed earlier this year to jurisdictional disputes among the nine House committees that have oversight over DHS as the reason that earlier attempts at NPPD reorganization failed to gain steam. Former President Barack Obama’s administration also strongly supported NPPD reorganization (see 1701050073).
McCaul used the CTIA event to separately announce his filing of the House version of the Cybersecurity Scholarship Opportunities Act, which would expand the CyberCorps: Scholarship for Service program. The bill would expand the CyberCorps program, which provides scholarships to cybersecurity professionals who agree to work for the government, to also provide scholarships to graduates who commit to teaching college-level cyber courses, McCaul said. Sens. Tim Kaine, D-Va., and Roger Wicker, R-Miss., filed the Senate version of the bill (S-754) in late March.
Trump’s cybersecurity executive order, which appears likely to be released “in the near future,” could significantly aid ongoing efforts at making federal IT systems’ modernization a priority, McCaul said. “I don’t want to get ahead of the White House, but my sense is you’re going to see a modernization act,” he said. “Within the federal network system, we have these legacy systems that are very antiquated,” which “makes us vulnerable” to future cyberattacks on the same level as the Office of Personnel Management data breaches first revealed in 2015. White House Cybersecurity Coordinator Robert Joyce said Monday he anticipated the EO would be intertwined with Trump son-in-law and White House Office of Innovation Director Jared Kushner’s plans to prioritize IT modernization (see 1704240028).
The Modernizing Government Technology Act, which House Oversight IT Subcommittee Chairman Will Hurd, R-Texas, plans to reintroduce soon, could be the lead legislative vehicle in Congress for IT modernization if Trump’s EO does increase the issue’s visibility, McCaul said. That bill, which passed the House last year but stalled in the Senate, would create a central IT modernization fund and individual funds for the Department of Commerce and 23 other federal departments and agencies.
DHS also views the federal government’s need for IT systems modernization as a “bigger priority,” said acting National Protection and Programs Directorate Deputy Undersecretary-Cybersecurity Jeanette Manfra. Federal agencies should consider moving to the cloud as they consider their IT modernization options, she said. Agencies should be evaluating how to link cybersecurity needs into that conversation since “protecting legacy systems is a significant resource cost,” Manfra said. DHS must also “push the boundaries” of its partnership with the private sector on cybersecurity issues, she said.