During Tuesday’s House Homeland Security Committee hearing, Rep. Andrew Garbarino (R-NY) questioned experts about information sharing oversight and regulations.
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Category
🗞
NewsTranscript
00:00The gentleman yields back. We will have another round. I now recognize myself for five minutes
00:06of questions. Thank you all for being here today. Back again, I guess. In my submitted
00:14comment to former CISA Director Easterly on the CERCIA notice of approvals rulemaking,
00:19I highlighted that Congress did not intend for CISA to subject numerous entities to its
00:23reporting requirements. Rather, Congress intended for CERCIA to facilitate rapid information
00:28sharing. That is not being achieved. We are all here talking about it and what should
00:35happen with future CERCIA. You said BPI, you sent a letter saying withdraw and reissue
00:43the rule. Mr. Aronson and Mr. Marybough said ex parte could be a way to do it. Schwartz,
00:49I'm sorry I had to leave in the middle of your testimony. I don't know what position
00:51you took. I'm of ex parte. Do you believe an ex parte could work? I understand. We have
01:01a timing issue which is the problem under the law. There's a timing issue and I'm not
01:04sure we can meet the timing that the law requires if we fully withdraw and reissue. Can an ex
01:12parte fix the issues? We would very much support an ex parte process. We asked for further
01:17engagement and never got it, frankly, through the process thus far. We believe that that
01:22rule as proposed should not be implemented and we would rather take additional time and
01:26we are prepared to work with CISA and would like an iterative dialogue to make sure we
01:30get this right. It's too important. We stand ready. We want to see this be successful.
01:37I think the stakeholder engagement, given the complexities of the issue here, we do
01:41need that. That rule as proposed, please do not implement that. Mr. Chairman, I think
01:49that this committee can be very helpful in urging CISA to grant our request for ex parte
01:57starting tomorrow. If we can work with the agency and provide our expertise and information
02:05about how we operationalize incident reporting, that can be integrated into their rules in
02:13the fall. But if we don't have that possibility to engage with them, which they clearly rejected,
02:20time and time again we've made the request, I think this is going to go down a path that's
02:24going to be very problematic for CISA and extraordinarily burdensome and costly for
02:29our sector. As you said in your testimony, this will be more harm than good here. Yes.
02:33Listen, I agree with all of you that this rule should not be implemented
02:37as currently presented. And if it was, I would lead the effort to CRA it.
02:47But it's good to hear that you all believe, I think, an ex parte could work because
02:50I want this to work. I know the ranking member and the former chair, Clark,
02:56all want, they want this rule to work. This is a big focus of mine, a big focus of now Chairman
03:02Green's. I'm happy he was here today. Harmonization, making sure incident and information sharing
03:09happens and happens in the correct way. So I want this rule to work and I will be,
03:15following this hearing, I'll work with committee staff on both sides to make sure that we reach
03:20out to CISA. I know they just nominated a new potential director this morning. I'm excited to
03:27see. No, not you. But Mr. Planky, I think, could do a very good job. I've met with him.
03:33Director Eastley had very nice things to say about him. So I think they may be willing to
03:39relook at this and move into an ex parte. One of you mentioned something and I want to go with
03:45this because we talk about harmonization and how agencies don't listen to you all. And one of you
03:51brought up the SCC rule, maybe all of you brought up the SCC rule, which I've been fighting and
03:55we passed the CRA out of committee, but because the Senate moves so slow, our time clock ran out
04:00over there. And I know the ranking member was also against it. One of you brought up the
04:06national security concerns. ONCD, I think, has national security concerns with that rule
04:11in your testimony. Can you speak to those, please? It might have been all of you that talked about it.
04:16It may have been me who brought that up. So it's a perfect example of rules that don't add to
04:22security and, in fact, create vulnerabilities, as I mentioned. Bad guys, cyber criminals,
04:28enterprises can manipulate the process of disclosure in ways that certainly were not
04:34intended and would not be helpful. So from a national security perspective, that particular
04:39rule, I'm not sure it does anything to enhance our national security. I would actually say it
04:47probably harms our national security. I think this is the challenge that we've kind of talked a bit
04:51about now here, is you have independent agencies that are doing something within their narrow lane.
04:56And so for the SEC, they think that investors need to know this information.
04:59I think we would argue that investors aren't really utilizing this information. It's not
05:03helpful to them. It's actually putting them at greater risk. But because an agency continues to
05:07look without somebody at the top sitting across and exercising oversight to say, does this really
05:12make sense? Is it in the best interest of the nation? We wind up with a lot of these duplicative,
05:17overlapping, deeply harmful rules. So to the extent that Congress in this committee is ready
05:22to engage and help lead this effort, we do need an overall view to look at what is helpful versus
05:27what is harmful. And the SEC rule is classic of what is harmful at this point. And I appreciate
05:32that. And when I had Chairman Gensler in front of financial services, I asked him which was
05:37more important, investor knowledge or national, if investor information was more important than
05:43national security, he said no. So I think now it's time for the new SEC to look at this rule
05:50and correct it. Because I've been told by people at CISA and industry that they've had to stop
05:58sharing information before, timely information, in order to comply with the SEC rule. And that is
06:04not good for anybody. I believe everybody who's been here for the first round is done. So we're
06:10going to start a second round of questions. And I recognize the ranking member from California,
06:15Mr. Swalwell, for his second round. Great. I appreciate that, Chairman.