Cyber brain drain from Congress continues as Langevin, Katko announce departures

Congress will lose a substantial chunk of its cyber expertise as multiple members with backgrounds in digital security policy are leaving ahead of the 2022 mid-term elections.

On Tuesday, Rep. Jim Langevin, D-R.I., announced he would not be running for reelection this year.

“Like I promised when I first ran for office, I have done my best to stand up for you and your families. But after serving the people of Rhode Island for over 3 decades — including 11 terms and nearly 22 years in Congress — today, I am announcing that I will not be a candidate for elected office this November,” Langevin wrote Tuesday in an op-ed in the Rhode Island Providence Journal.

Langevin’s congressional career has been marked by a keen interest in cybersecurity policy well before it became a hot-button issue in the federal government. He is a co-founder of the Congressional Cybersecurity Caucus, chairs the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems and also sits on the House Homeland Security Committee, which has oversight jurisdiction for the Cybersecurity and Infrastructure Security Agency (CISA).

Langevin was among the first lawmakers to make the case for transforming the National Protection and Programs Directorate — an obscure component with the Department of Homeland Security with little in the way of budget or resources — into what eventually became CISA. He has used his committee assignments to consistently stump for CISA and U.S. Cyber Command to receive additional funding and resources to meet the increased threat from nation-state and criminal hacking groups that target the U.S.

He also served as a commissioner for the Cyberspace Solarium Commission, and helped usher dozens of bills based on their recommendations through Congress, including the establishment of a national cyber director, empowering CISA to conduct proactive threat hunting on federal networks, establishing “nerve centers” to improve public and private collaboration on cybersecurity threats and many others.

One piece of unfinished business he will leave regards the way Congress debates and legislates around cybersecurity. Langevin has long been a critic of the way the issue is dispersed across Congress, telling this reporter in 2019 that at anywhere between 80 to 100 committees and subcommittees in Congress claim some ownership over the issue. That kind of jurisdictional sprawl makes it nearly impossible to move significant or even slightly controversial legislation around cybersecurity, and inhibits the ability of Congress to update laws and procedures in a timely fashion, and Langevin and others have sought to streamline which committees have ownership over the issue.

Outside of Congress, he has engendered deep respect within the cybersecurity community, attending and giving talks at popular hacker conferences like DEF CON and championing the legal right of security researchers to probe commercial products for vulnerabilities.

More lawmakers announce departure

The news of Langevin’s impending departure comes less than a week after Rep. John Katko, R-N.Y., Langevin’s colleague on the House Homeland Security Committee, announced that he will also not be seeking reelection next year. Katko has emphasized his cybersecurity bonafides and spent much of his time immersed in the subject in his role as ranking Republican on the committee.

Among his most recent efforts is proposed legislation in the wake of the Colonial Pipeline and JBS ransomware attacks that would direct CISA to identify “systemically important” critical infrastructure entities in order to prioritize federal response and resource allocation. CISA Director Jen Easterly has endorsed the concept and said her agency is not waiting for legislation to work on developing a similar program.

“The SICI effort at CISA is among the most important cybersecurity work happening in the nation as it seeks to address the concern that if everything is critical then nothing is truly critical,” Katko said in a statement to SC Media earlier this month, before announcing he wouldn’t run again. “That’s why I introduced the bill to authorize and guide their efforts. I appreciate Director Easterly’s ongoing support for the legislation and look forward to working with my Democrat counterparts to advance it so that Congress can ensure robust oversight and success of this monumental effort.”

However, Katko has fallen increasingly out of step with fellow Republicans over the past year following his support of impeachment of former President Donald Trump following the Jan. 6 Capitol riots and his vote in favor of a bipartisan infrastructure agreement earlier this year.

He was subjected to attacks from far-right lawmakers like Rep. Marjorie Taylor-Greene, R-Ga., for being a “traitor” following his impeachment vote, not representing a “border state” and emphasizing issues like cybersecurity over immigration as ranking Republican on the Homeland Security Committee.

Katko’s district, in fact, shares a border with Canada and his state, New York, was the subject of terrorist attacks in 2001 that resulted in the creation of the Department of Homeland Security and subsequent committees in Congress.

The departures add to the brain drain that has occurred around cyber policy in Congress over the past few years.

Sen. Rob Portman, R-Ohio, the ranking Republican on the Senate Homeland Security Committee who has been involved in legislative pushes this year around the Cyber Incident Reporting Act, reforming the Federal Information Security and Management Act and other bills, is retiring. Sen. Richard Burr, R-N.C., served for years as the top Republican on the Senate Intelligence Committee and oversaw major reauthorizations and reforms to the federal government's surveillance powers before stepping down as chair and announcing his retirement following an investigation into insider trading related to the COVID-19 pandemic.

Rep. Cedric Richmond, D-La., who chaired the House Homeland Subcommittee of Cybersecurity and Infrastructure Protection, also left for a job with the Biden administration last year, a post that has since been filled by Rep. Yvette Clarke, D-N.Y.