'Do Not Let It Lapse': Eric Swalwell Stresses Importance Of CISA 2015 Act Renewal

Forbes Breaking News

During a House Homeland Security Committee hearing prior to the congressional recess, Rep. Eric Swalwell (D-CA) spoke about the CISA Information Sharing Act of 2015.

Transcript

00:00Good morning, Mrs. Swalwell, for his opening statement.

00:02Thank you, Chairman.

00:04And I was a member of the Intelligence Committee back in 2015 when the CISA 15 was enacted,

00:13and it was apparent to me then, even in the midst of very intense, vigorous debate,

00:20that we needed greater public-private cybersecurity collaboration.

00:24So I want to first just thank the witnesses for coming today and sharing their perspective,

00:31their members' positions, their industry's concerns, because we want to get this right,

00:37and we want to build on the success that we have.

00:40So we're hearing about new cybersecurity attacks every day,

00:43yet the federal government at the time had very little visibility into what was happening on private networks,

00:50and the private sector was receiving very little information from the federal government on cyber threats.

00:55I would say that is probably still happening today, and the biggest complaint I hear from you all,

00:58especially on JCDC, is it's a one-way relationship,

01:02and I know we want to do more to increase what is shared with you in the private sector.

01:09But I laid out in the 2015 debate that there was at the time almost no cyber sharing

01:17between the public sector and the private sector, and CISA 2015 sought to change that,

01:22and it has changed that.

01:23It's provided the legal framework to facilitate cyber information sharing

01:27between the federal government and the private sector.

01:29It gives companies the confidence that they'll be legally protected

01:33if they voluntarily share cyber threat information with the Department of Homeland Security

01:38or with their competitors.

01:40It's rare that these days we see such a wide consensus on any topic,

01:44but on the issue of reauthorizing CISA 2015, I've received a very clear message from everyone I've talked to.

01:50Do not let it lapse.

01:53Stakeholders have consistently stated that CISA 2015 has drastically improved public-private collaboration,

02:00helping our cyber defenders better do their job.

02:03Of particular importance to me was that in 2015 that we addressed privacy and civil liberty protections

02:09and demonstrated that their effectiveness was in ensuring information shared with the government

02:13is protected and always used properly.

02:17As CISA 2015 was developed, I advocated for strong privacy protections,

02:23and I'm glad to see those statutory requirements have achieved their outcomes.

02:27We must move quickly to reauthorize CISA 2015 before it expires in September.

02:32Maybe we could change the name so it's not so confusing with the other CISA that we're working on.

02:37That is one change I think we would all welcome.

02:39A good name change.

02:40Yeah, a good name change.

02:42While it's reasonable to discuss if there are ways to strengthen the law going forward,

02:45we cannot allow such discussions with such an imminent timeline to delay reauthorization.

02:51It's also important to remember there are steps that Congress and the administration can take

02:55in the interim after reauthorization.

02:58While establishing the legal regime to facilitate cyber information sharing,

03:03the maturation of Cyber Security and Infrastructure Security Agency, the original CISA,

03:08has provided a central hub for public-private cyber collaboration across critical infrastructure sectors.

03:15If CISA lacks the people and forms necessary to receive, analyze, and share cyber threat information,

03:22CISA 2015's provisions will be rendered meaningless.

03:25One important step for Congress that I have been working with in this committee

03:29is to codify the Joint Cyber Defense Collaborative and better define its mission and structure.

03:34And I hope we get a vote on that again this Congress.

03:37And the administration should restore the Critical Infrastructure Partnership Advocacy Council,

03:42also known as CPAC, or establish a similar new entity that provides a mechanism

03:47for critical infrastructure collaboration.

03:49Finally, we must continue to support CISA's efforts to improve automated indicator sharing

03:55and implement its Threat Intelligence Enterprise Services Program.

03:59Again, I thank the witnesses for participating in this.

04:03I expect I will hear across the board the value of CISA,

04:07that there are reforms that we can put in place,

04:09but if it's deciding between not authorizing and trying to find better reforms and risking this lapsing

04:17or reauthorizing something clean and then fighting and working together collaboratively ultimately

04:23to get reforms in the future, I think that you would choose the latter.

04:27With that, I yield back.

04:28Thank you very much.

Category

Transcript

Recommended