How House Republican’s Oversight Focus Will Impact Cybersecurity

By Andrew Lock

Similar to the drama of a Presidential transition, this year’s Congressional reorganization kicks off an overhaul of policy priorities. With Republicans in charge of the House, we embark on a two-year slog on a range of critical issues, including shoring up our nation’s cybersecurity. However, with a GOP-controlled House and Democratic control of the Senate and the White House, the Vegas odds of bipartisan, bicameral cybersecurity policy breakthroughs are looking bleak.

Where does Congressional leadership turn in a split Congress to get work done? House Republicans have already telegraphed their goals in bold-titled press releases and op-eds with one key term: “Oversight.”

In the 118th Congress, the House Committee on Homeland Security will be subjected to an atypically bright spotlight as Republican leadership leans into its oversight responsibilities as a means of bringing scrutiny to the Biden Administration’s priorities ahead of the next Presidential election. During the 117th Congress, then-Republican Leader Kevin McCarthy and the leads of relevant authorizing committees convened a series of working groups to identify issues ripe for Congressional oversight. As a contextual note, it is very rare that Congress plans anything years in advance — except for perhaps the Inaugural ceremonies — highlighting the confidence that GOP leadership had in their assumption of chamber control, and its intentions to make good on oversight priorities.

The issues ripe for House Republican oversight efforts, laid out in a December press release from Leader McCarthy’s office, include several that are core to House Homeland’s slim but important jurisdiction. Border security, immigration, counterterrorism, Chinese and nation-state influence, and cybersecurity are all considered core oversight targets.

While the House Homeland Security Committee is sure to focus on these issues, another layer of oversight will come from the House Committee on Oversight and Accountability under the leadership of Chairman James Comer (R-KY). In addition to the priorities stated by Leader McCarthy and his various oversight task forces, Rep. Comer has an oversight agenda of his own that he outlined in a recent Wall Street Journal opinion piece. Undoubtedly, there will be a close corollary between the work of the House Committee on Homeland Security and the House Committee on Oversight and Reform and what will score political points leading into the 2024 presidential election cycle.

With oversight the key focus of House Republicans, what does this mean for the future of Congressional efforts on cybersecurity?

While the committee’s chairman, Rep. Mark Green (R-TN), is new to the Homeland dais, he carries several bona fides in security policy, including previous assignments on the House Foreign Affairs and House Armed Services Committees, where he championed efforts to combat malign foreign influence and U.S. border and immigration reform. Chairman Green announced his naming as the new GOP committee lead with a brief press release in which he highlighted two main issues of focus — border reform and cybersecurity.

On the latter issue, we expect that, in a break from that last several years, new funding for core cyber agencies like CISA will dry up. Congress should, and likely will, ask CISA to show how the nation’s cybersecurity has improved with the various rounds of supplemental funding that have already been provided to the agency. House Republicans will want to see their top homeland security priorities — border security and immigration enforcement — funded at higher levels, which could cause CISA’s budget to suffer unless a very persuasive case is made on the strong return on investment for all of the recent new spending. Given this reality, we expect CISA to focus on executing its budget and showing value for the investments Congress has made. Expect to see the Administration defend how it has spent new resources to expand CISA’s workforce, strengthen private-sector partnerships by maturing the Joint Cyber Defense Collaborative, show measurable progress in securing federal systems, and demonstrate its value in strengthening critical infrastructure and private sector cybersecurity.

Not surprisingly, this reality means that the “CISA 2025” plan, conceived by Rep. John Katko (R-NY), and his cyber subcommittee ranking member Rep. Andrew Garbarino (R-NY), may become a distant memory; the centerpiece of that notion, ushering the agency towards an eventual $5 billion annual budget, is likely a non-starter in the current environment. Negotiating the annual budgets for CISA and agencies like it will be an atypically hard challenge.

So, get ready for a year in cybersecurity that’s largely dominated by hearings featuring cabinet and sub-cabinet level officials responsible for the direction of cybersecurity policy defending their actions from the last two years. They will be joined by federal cybersecurity contractors and commercial sector cyber service providers, who will be asked to talk about what works and what doesn’t, and what lessons the federal government can learn from the commercial sector.

As Congress gets underway for its 118th session, the Monument cybersecurity team will be tracking legislative and executive branch developments to inform and advise clients as committees like House Homeland lean into oversight responsibilities.

Andy is a Principal at Monument, where he works across the firm’s telecommunications, cybersecurity, and technology practices. Andy spent nearly a decade on Capitol Hill, where he worked in both chambers and focused on the intersection of telecommunications and cybersecurity.