House lawmaker stumps for 5-year term for CISA's director

Rep. Lauren Underwood (D-Ill.) says she and her colleagues next year will continue to push for legislation enshrining a 5-year term for the director of the Cybersecurity and Infrastructure Security Agency despite resistance from the Senate.

"It's my understanding that there were objections in the Senate and so we're going to reassess that legislation in the next Congress," Underwood, who chairs a key house panel on cybersecurity, told attendees during a virtual cybersecurity summit today hosted by the Cyber Threat Alliance.

She was referring to a bipartisan amendment that House lawmakers moved to add to the Fiscal Year 2021 National Defense Authorization Act. The amendment would establish a five-year term for the CISA director and would also mandate assistant directorships be held by career officials rather than political appointees. The amendment would also limit the director to serving only two terms.

The push for a five-year term was backed by both Underwood and Rep. John Katko (R-N.Y.), the ranking member on the House's Cybersecurity, Infrastructure Protection and Innovation subcommittee.

The current CISA director Chris Krebs has served as the organization's chief since its inception in November 2018, although he was confirmed by the Senate to be the undersecretary for CISA's effective predecessor, the National Protection and Programs Directorate.

Krebs and his agency have gained national attention recently for their "Rumor Control" webpage that debunks election misinformation, including theories that have been spread by the White House.

Reuters reported last week that Krebs told associates he anticipated he would be fired shortly after the election concluded.

"I was really disturbed by rumors last week that Director Krebs might be forced out because of CISA's election security work," Underwood said today.

Those rumors followed the resignation of two other senior officials Valerie Boyd, a top Department of Homeland Security official working on international affairs, and Bryan Ware, formerly CISA's assistant director for cybersecurity.

The House Democrat today also sounded the alarm on a rise in ransomware attacks, citing a school in her district that was victim to a ransomware attack last year.

"We have to do more than simply tell people not to pay the ransom. We have to provide education. We have to provide resources and give folks options," she said.

Underwood cited legislation passed by the House earlier this year that establishes a $400 million grant program at the DHS to help state and local governments improve their cybersecurity.

"Senate action on that bill would be a huge step forward in our ability to fight against ransomware," she said.

The bill, called the State and Local Cybersecurity Improvement Act, was passed by the House in late September and referred to the Senate in October.