Cybersecurity, Infrastructure Top Homeland Security Hill Agenda

Legislation to allow the government to subpoena internet companies in order to protect electric grids and other infrastructure from cyberattacks will be a high priority in early 2020, top homeland security lawmakers say.

That legislation would be part of a larger focus on protecting America from an increasing breadth of cybersecurity attacks on its businesses, governments, and citizens, Republicans and Democrats leading the House and Senate homeland security committees said in interviews. They say bipartisan efforts on cyber-related issues may make progress as the 2020 elections vie for lawmakers’ attention and border-security negotiations continue to stall.

“No question—cybersecurity has to be a central focus of what we do next year,” Gary Peters (D-Mich.), ranking member of the Senate Homeland Security and Governmental Affairs, said in a December interview.

Concerns about cyberattacks on the U.S. government and businesses escalated last week after Iranian Supreme Leader Ali Khamenei vowed “severe retaliation” for an American airstrike that killed one of the Islamic country’s top officials, Qassem Soleimani. Former U.S. national security officials and specialists said Iran may choose to retaliate through an online attack, given its sophisticated arsenal of cyber weapons.

Iran Is Big on Cyberwarfare. How Does That Work?: QuickTake

Rob Engelaar/AFP/Getty Images

House Homeland Security Committee member Jim Langevin (D-R.I.) said in a December interview he’s developing legislation to introduce early in 2020 to give administrative subpoena authority to the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, or CISA.

Similar bipartisan legislation (S. 3045) was introduced in late 2019 by Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.). Chris Krebs, director of CISA, has requested the legislation, stating the agency can see vulnerabilities on the online systems of critical infrastructure like dams and hospitals, but it doesn’t have a way of knowing the owner of the system without identification help from its internet provider.

Some members still want to ensure the bill has sufficient guardrails to limit information the government can demand and protect company privacy, House Homeland Security Chairman Bennie Thompson (D-Miss.) said.

Eye on Ransom Attacks

Also on tap for early momentum in the chambers is legislation (S. 1846) to help strengthen coordination between the federal government with state and local communities to prevent and mitigate cyberattacks, Peters and lobbyists on cybersecurity issues said. The bipartisan legislation, introduced in the Senate by Peters and passed in November, comes amid an increasing number of ransomware attacks that have shut down operations in several big cities recently.

“Over the course of 2019 watching Baltimore, Atlanta, and now New Orleans attacked, I think it needs to be a top priority,” Norma Krayem, chair of Van Scoyoc Associates’ cybersecurity and data privacy practice, said of the bill.

Thompson said his panel is also working with two other House committees—Administration and Energy and Commerce—on election security legislation to force states and localities to set standards to protect their voting systems, through means such as requiring paper ballots.

Johnson also said his committee would hold a hearing with an election security focus in 2020. He also said he’d like to hold a hearing on government use of biometrics.

Johnson is also working with House Homeland Security Committee ranking member Mike Rogers (R-Ala.) on proposals to expand access to DHS scholarships for cyber students who commit to working for the government after graduation.

“This is the new frontier, and if we don’t staff it, we’re in trouble,” Thompson said.

Langevin also said recommendations from the Cyberspace Solarium Commission, a group of lawmakers, industry, and cyber specialists as well as federal officials formed to develop bipartisan strategies to defend the U.S. against cyber attacks, is set for release in April. The commission was created by the annual defense policy bill for fiscal 2019 (Public Law 115-232).

To contact the reporter on this story: Michaela Ross in Washington at

To contact the editors responsible for this story: Paul Hendrie at; Jonathan Nicholson at; Robin Meszoly at