With fiscal year (FY) 2021 ending September 30, the House Rules Committee will be meeting on September 20 to decide which of the over 800 amendments filed for the FY2022 National Defense Authorization Act (NDAA) will get a floor vote.
Among the proposed amendments are a variety of cyber measures and bills that House members hope to get included as amendments.
One amendment, proposed by Reps. Andrew Garbarino, R-N.Y., and Jim Langevin, D-R.I., would limit the Cybersecurity and Infrastructure Security Agency (CISA) director to a five-year term and reaffirms that the position is to be nominated by the president and Senate-confirmed. If passed, that would mean CISA Director Jen Easterly’s term will end in 2026. The amendment mirrors the Cyber Leadership Act introduced by Garbarino and a few other Homeland Security Committee members.
A few other amendments were offered that would look to bulk up the nation’s cybersecurity workforce
One offered by Reps. Chrissy Houlahan, D-Pa., and Anthony Gonzalez, R-Ohio, would create a partnership between the Department of Veterans Affairs (VA) and CISA. The amendment would direct the VA to create a cybersecurity training program for veterans and armed forces members transitioning back to civilian life. The amendment would create a cybersecurity apprenticeship program at CISA.
Another amendment proposed Reps. Tony Gonzalez, R-Tex., and Robin Kelly, D-Ill., would create a National Digital Reserve Corps at the General Services Administration (GSA). The amendment would allow private-sector tech professionals to work for the Federal government for up to 30 calendar days each year to work on digital, cybersecurity, and artificial intelligence (AI) projects in the short term.
Rep. Garbarino, ranking member on the Homeland Cybersecurity, Infrastructure Protection and Innovation Subcommittee, has also joined forces with Rep. Yvette Clarke, D-N.Y., who chairs the subcommittee. The duo teamed up for an amendment that would require CISA to update its cyber incident response plan at least every two years. The amendment would also require CISA to consult with relevant sector risk management agencies and the National Cyber Director to help educate relevant parties about their roles in the cyber incident response plan.
That is not the only time Garbarino and Clarke appear on the same amendment. The duo also co-sponsor a pair of amendments with Homeland Security Committee Chair Bennie Thompson, D-Miss., and ranking member John Katko, R-N.Y., aimed at protecting the nation’s critical infrastructure.
One would authorize CISA’s CyberSentry program, an industrial control system (ICS) cybersecurity program. The program would allow CISA to work with ICS operators to provide voluntary threat detection and monitoring.
The quad of Homeland Security leaders also offered an amendment to establish a new Cyber Incident Review Office at CISA and require critical infrastructure owners and operators to report any incidents to that office.
At least one bill that has already made it out of committee appears as an amendment, as Rep. Elissa Slotkin, D-Mich. offered an amendment similar to her Cyber Exercise Act that made it through the House Homeland Security Committee in May. The amendment would have CISA codify a National Cyber Exercise Program, building on its previous work.
One amendment offered targets the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program that has been under an internal review since the end of March. The amendment would require the DoD to submit a report on how the program would affect small businesses. Industry groups recently called on the DoD to publicly reaffirm its support for the program.
All these just scratch the surface of the multitude of amendments offered to the FY2022 NDAA, but could have a chance to see the floor, as all mentioned have bi-partisan support. The Rules Committee will meet Sept. 20 at noon to decide which offered amendments could see a floor vote, with Congress returning the same day.