Rep. Green on CISA cuts, China hacking and cyber as a bipartisan issue

NASHVILLE — Rep. Mark Green is on to his next 25-meter target.

In a keynote address at the Vanderbilt University Summit on Modern Conflict and Emerging Threats on Friday, the chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 500,000 professionals and burdensome digital compliance.

Recorded Future News sat down with the Tennessee Republican after his address to discuss Chinese hackers, the issues swirling about the Cybersecurity and Infrastructure Security Agency (CISA) and the state of congressional bipartisanship.

This conversation has been edited for length and clarity. 

Recorded Future News: On stage you alluded to the fact that Chinese hacker groups Volt Typhoon and Salt Typhoon are still in U.S. networks. Last month you, along with other members of your committee, asked Homeland Security Secretary Kristi Noem for more information on the agency’s response to the malicious campaigns. Any update?

Mark Green: Some of the stuff has trickled in but not all of it. We haven't started to review it, because we're kind of waiting on all of it.

We’re talking thousands of pages of stuff, so it takes a long time for somebody to go and run a copy of that.

RFN: Can you characterize the information received so far?

MG: It's substantive but we haven't dug into it yet.

RFN: You seem pleased with the administration’s response thus far. No thought about a possible subpoena for future information?

MG: No, no, no. That’s not necessary yet.

RFN: It’s been reported that the administration is planning to make major cuts to CISA’s workforce. What are your thoughts on such a move?

MG: Like every agency, there’s an opportunity to streamline in government and I think that is essential. There are probably some things that CISA is doing that the market could handle. But, there are core missions, the core mission which, as I said from the stage today, needs to be refocused on the infrastructure and protecting the infrastructure. 

Remember, CISA was formed under President Trump. He created it. He wants to see it refocused. I haven't had a conversation with him about it but I think he wants to see it refocused on what his intended purpose was. 

RFN: The administration disbanded the Cyber Safety Review Board. Does it need to be reconstituted?

MG: My idea is that it doesn't matter who does that mission but that mission needs to happen. And, honestly, the founders probably intended for Congress to do that oversight.

Congress, on so many levels, has abdicated its responsibility, given it away, to include actually writing regulations that wind up imprisoning Americans. The Supreme Court was right; A lot of that responsibility belongs to Congress and Congress has got to step up to plate and do it. 

It may be an oversight committee that does that CSRB mission. But if it gets reconstituted, we just need to make sure that it's doing it in the way that we need it to go.

The things they investigate need to be value added to the country's cyber defense. Some of the stuff they've done has been really good. I'd say the vast majority of it. The whole drill down on the Microsoft stuff was excellent and prompted me to bring the president of Microsoft in front of the committee.

It's not that they weren’t doing a great job: it's figuring out whose responsibility is that, and it may very well belong to Congress. 

So that would be in either my committee or [the House Oversight Committee] and probably [that] committee.

RFN: Sticking with CISA, any comment on the hold placed on Sean Plankey because of the agency’s refusal to publicly release an unclassified report on security practices at U.S. telecom firms?

MG: Having been nominated myself before for an administration job and had a hold placed on me, I can tell you that that's a pain in the ass. It's a disruption. And the senators need to be careful how they wield that. That's about all I'll say on that.

But CISA should release that report and we’ve asked for it, too.

RFN: Should it be released publicly?

MG: No. We ought to take a look at it. [The report] is official use only but getting all of Congress’ eyes on it is a good idea.

RFN: The president signed an executive order targeting former CISA chief Chris Krebs. What is your reaction?

MG: I don't know the specifics on Chris but if there's anybody who has done something inappropriate they probably don't need to continue to have a security clearance. But now I don't know the specifics of his case, I'd have to get into it.

RFN: On stage you suggested the U.S. should take some kind of action on foreign disinformation campaigns, even as CISA sheds the mission. Can you say what you’d like to see?

MG: My preference would have been to have the Biden administration release where we knew Russia was involved. Now you have to be careful with that, because that might reveal how we know Russia is involved or China or whoever.

I'm all for the transparency there, up to the point that it would reveal a method we have for determining it.

RFN: Which agency should take the lead?

MG: Ultimately, it's going to go up to the President and probably the administration is going to be making that call.

RFN: The committee’s passage of your Cyber PIVOTT Act was very partisan. Democrats opposed it because of Elon Musk advocating for federal workforce cuts while the legislation seeks to add future professionals.

MG: The exact bill was fine last cycle. They took a political opportunity to attempt to shoot down a bill that they voted for the year prior to stab at a guy who is just trying to create efficiency in government.

I am excited that he's looking at things like USAID and Social Security and all that stuff. I don't have a problem with it. But the Left does. Why? Why would they? Why would they be concerned about a guy like him with his capability… digging into potential fraud, waste and abuse? Well, I can't explain that. They should be asked.

RFN: Cyber has been a bipartisan issue in the committee in the past.

MG: Bipartisanship with [ranking member] Bennie Thompson (MS) and the Democrat leadership of the committee means you agree with them.

Bipartisanship I've tried to push on to the committee is when last cycle I put [Reps. Glenn Ivey (D-MD) and Dan Bishop (R-NC)] in a backroom and told them to figure [out legislation]. They figured it out. They worded it so that it worked for both of them and we brought that bill back and passed it. That's bipartisanship.

Bennie's idea of bipartisanship is me agreeing with him and that's not bipartisanship. I went to him on the Cyber PIVOTT Act before this all went down, and I said, ‘Look, man, I'm hearing you're not going to support this bill that you just voted for. What is it and what do I need to do?’ He said nothing. 

I’m sick and tired of people saying we're not trying to work in a bipartisan way. For Bennie, that means agreeing with him. For me, that means putting the two guys in a room and figuring out how to word it so it works.

RFN: Is the era of bipartisanship over?

MG: No, because there's got guys like Eric Swalwell (D-CA) who are co-sponsoring bills of mine on cybersecurity. It's not an issue of an absence of bipartisanship, it's no one wants to talk about it because they find it a political tool to say there isn't bipartisanship.