Cyber authorities

Proposed Legislation Seeks to Enhance the Authority of the National Cyber Director

Rep. Eric Swalwell has introduced legislation that would increase the authority of the Office of the National Cyber Director.

The Proactive Cyber Initiatives Act of 2022 will put the ONCD in charge of eliminating redundant jurisdictions between agencies when it comes to cybersecurity. It also mandates the heads of departments and agencies to implement regular penetration testing for moderate to high-risk government systems. Reports regarding the results of the tests must subsequently be delivered to the ONCD and the Office of Management and Budget, SC Media reported Tuesday.

The bill would also require the national cyber director, the Department of Defense, intelligence agencies and other organizations that study the government’s use of defense techniques to send reports to Congress.

Swalwell said in a statement that the bill ensures that cybersecurity initiatives are designed to protect critical infrastructure. He also noted that the government’s efforts have always been to respond to vulnerabilities after a breach occurs.

Current law allows ONCD to review agency cybersecurity budgets and to lead the government’s new cybersecurity strategy. However, the office has limited functions to compel agencies to ramp up their cybersecurity efforts.

Critical infrastructure operators and private sector groups have also been calling for more clarity about the national cyber director’s role in cyberspace. National Cyber Director Chris Inglis has been hesitant about the NCD becoming the ultimate deciding entity for settling disputes over cyber jurisdiction.