Jim Langevin, former chair of the Congressional Cyber Caucus and Democratic Congressman from Rhode Island, reflects on his belief that cybersecurity remains a bipartisan issue.
Jim Langevin, former chair of the Congressional Cyber Caucus and Democratic Congressman from Rhode Island, reflects on his belief that cybersecurity remains a bipartisan issue. He emphasizes the importance of collaboration between government and the private sector, and the potential of artificial intelligence in enhancing cybersecurity.
Timestamps:
[00:00:00] Blake: Hello, and welcome to We're In, a podcast that gets inside the brightest minds in cybersecurity. I'm your host, Blake Thompson Hoyer. And, joining me today is Congressman Jim Langevin, former chair of the Congressional Cyber Caucus and Democratic Lawmaker from Rhode Island. Uh, Jim, thank you so much for joining.
[00:00:15] Rep. Langevin: Thanks, Blake, It's great to be with you.
[00:00:18] Blake: Now I wanna jump right into the political side of things. You chose not to seek reelection in 2022, which feels like two political lifetimes ago. how Congress is currently operating, does that leave you breathing a sigh of relief?
[00:00:30] Rep. Langevin: Well, let me just say both. Me personally and professionally, it was the right time to leave. I was able to leave on my own terms, uh, undefeated. While I was young enough and healthy enough to do other things, I I wanted to start a next chapter and, uh, and I, I, I left. For me at the, at the right time, I'll put it that way.
[00:00:48] Blake: I was gonna say, I, I see you've taken on a number of advisory and mentorship roles since leaving Congress. So in addition to serving as distinguished chair of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College, what have you been up to?
[00:01:02] Rep. Langevin: I'm doing some work with the disabilities community. I serve as the policy ambassador for the National Organization on Disabilities. NODs primary mission is to increase employment opportunities for people with disabilities. I'm also uh, a strategic advisor for a Pallet and Capital group, uh, which invests in early, uh, stage technology companies, especially related to cybersecurity and artificial intelligence.
[00:01:26] So busy there. And then I'm advising, uh, a handful of, uh, of companies. It's been a, an interesting and a great next chapter, especially at Rhode Island College. We are helping to educate the next generation of cyber professionals and cyber defenders, uh, in a field that is vastly under-resourced.
[00:01:43] Where, where there are thousands of jobs in Rhode Island that go unfilled in cybersecurity right now. And there are by conservative estimates over a half a million jobs in cybersecurity that go unfilled nationally. And that number is only expected to grow. So, it's a labor of love and, and I'm enjoying, uh, what I'm doing at my alma mater, Rhode Island college.
[00:02:03] Blake: That's fantastic. And yeah, you mentioned the, the, the cybersecurity talent crunch that we have. I know that was an issue that certainly drew your attention well in the, in the halls of Congress. In fact, you were. I believe, if not the first, then certainly among the first US lawmakers to have attended the, the Defcon cybersecurity Conference, which listeners of the podcast are no doubt familiar with. But why did you go there?
[00:02:25] Rep. Langevin: Well, I, I went to Defcon because first of all, I was invited and I also believe that it's important to engage with the cybersecurity research researcher community, or the hacker community as by known by, by other names. Cybersecurity is not just government's responsibility, it's not just, the private sector's responsibility, it's a, it's a shared responsibility and really we needed to work together to make the internet more secure. And we obviously know that the internet was never built with security in in mind. We kind of layered security or tried to, you know, on top of this open architecture, free and open architecture. And I found, uh, you know, over the years that there are many white hat hackers that really just want someone to listen and to work with, to try to make the internet.
[00:03:11] Function the way it was originally intended. And the cybersecurity researcher community has a lot to offer and, uh, they just wanna know that, if they find something that they can report it and, and someone's gonna do something about it. So I thought it was a great opportunity to engage.
[00:03:28] My staff obviously briefed me on Def Con and said, you know, this is something you should do. And, and, and, uh, yeah, I was able to do a, a number of things in terms of, I spoke out there and then, uh, met with a number of people that, that attended.com. So,
[00:03:42] Blake: No hacker culture has its own kind of ethos and
[00:03:45] Rep. Langevin: yeah.
[00:03:46] Blake: about it. Uh, what, what does it mean to be a hacker friendly member of Congress? I've seen you styled as a quote, hacker friendly congress.
[00:03:53] Rep. Langevin: Thank you! Well, again, like I said, it's about willing to, to listen to people that are trying to do the right thing. People like Josh Corman who founded I Am the Cavalry and. 'Cause Jeff Moss from, uh, has engaged, uh, with policymakers as well, from Black Hat. And, uh, there's a number of other, people over the years that I've had the opportunity, the pleasure to, to meet.
[00:04:14] And it means that we're gonna partner where we can in terms of making the system better, work better. Programs like, uh, the Hack the Pentagon program that Ash Carter put together. And that was a, I I think it was a, a wonderful example of how, you know, government, private sector and, and white hat hackers can, can partner to, to find vulnerabilities and then, then report them getting them remediated.
[00:04:38] And I think we need to continue to, to do more to engage in, uh, collaboration and, and again, finding pathways where we find vulnerabilities, they can report it. It was a, I looked over, looked at it as like a, a partnership. So I, I know that probably one of the thing that, that most white hat hackers would like to see is a, is a robust vulnerability disclosure program at every department and agency, uh, at every business, let's say.
[00:05:03] And, and a way to report vulnerabilities when they're found and then know that they're, you know, someone's gonna pick up the phone, answer the phone, or answer the email and actually respond and do something about closing off the vulnerability.
[00:05:15] Blake: That's a really good point. 'cause I know that's been a huge source of frustration for well-meaning hackers over the years. If you just get Absolutely the phone slammed on you, the email's gone unresponded to, and here you might be sitting on something that an actual bad actor could exploit and, and use to their advantage and to the detriment potentially even of US national security.
[00:05:33] It's, no, that's a hugely important issue. I'm glad that you, uh, you called that out. Now we talk about Defcon, it's not always the friendliest turf in a way. I mean, I think sometimes hackers like to give, especially politicians a hard time about, you know, technical knowhow.
[00:05:46] Maybe grill you a little bit on whether you know all the zeros and ones and what's, what's working. But, what's something that you wish every member of Congress, you know, however fair or unfair that reputation might be of like, not understanding the techie side, but, what is something that you wish everybody understood about cybersecurity? It doesn't have to be technical, just, just some facet of the issue.
[00:06:05] Rep. Langevin: Well, that we, obviously, everyone knows we rely on the, the internet every day. We use the internet now every day. Uh, computers are, are use of computers as a way of life. And certainly I, I wish that all policy makers, whether it's in Congress or at the state and local level, took cybersecurity much more seriously and made it a priority.
[00:06:25] It is true that, you know what the white hat hacker community will say in terms of members of Congress, you may not have the technical know-how, uh, to, gauge in really strong cybersecurity themselves as individuals. I, I buy one for example, I don't have a technical background.
[00:06:42] I got my undergraduate degree in, in political science and public administration. I had a minor in economics. I got my, my master's in public administration, so I don't have a technical computer degree, but I know cyber policy. I know how to make laws and my grandfather's old device was, you don't have to be smart enough to have all the answers.
[00:07:01] You just have to be smart enough to, to know where to go and get them. And so you surround yourself with really bright people. And I was fortunate to have really bright talented people that, that did know the technical aspects of both cyber policy and cybersecurity. How computers work.
[00:07:16] So you, you, I wish every member of Congress had someone on their staff that, that is a technical expert, understands cyber policy and would help make it a priority. So as, as, as bills come up for consideration or for hearing, or votes on the floor, that, that they'll have a member on their staff that can do the deep dive on the research and properly brief the member so that the member of Congress is making an informed decision. That's how lawmaking works, right? Like, I know that members of Congress have to know a little bit about, just about everything, but nobody knows everything. you know, you have to rely on the, the town to people you have around you to make sure that they're doing the deep dive and then can synthesize it down to what the member can then, you know, no other pros and the cons and read the bill, read the legislation, and then make an informed decision.
[00:08:02] Blake: And not to harp on it too much, but I think that's why there was a sense, certainly in the cybersecurity community that your visit along with former representative Will Hurd, a Republican outta Texas, to Defcon, was pretty momentous in the, in the sense that it was somewhat of a uniting of the policy side and the techie knowhow hack into things side.
[00:08:22] You know, I think they were tinkering with voting machines one of the years you were there and trying to find vulnerabilities to, to protect the security and integrity of US elections, which is no small task. There's this sort of DC adage that's accepted that cybersecurity is somehow this, this magical bipartisan issue, right?
[00:08:37] That everybody likes cybersecurity. Is that still true? Is cyber still bipartisan? And, and how have you seen the ground shift on that front during Trump's second administration? So far.
[00:08:47] Rep. Langevin: So, so on balance, I still do think that cybersecurity is a bipartisan issue. Uh, I was of course, thrilled to be able to go out to Defcon with Will Herd, and he and I, uh, still remain friends and friendly. Even though, uh, he and I have moved on from Congress and are doing things in the private sector now, but he was one of the early voices that, uh, we need to do more about cybersecurity.
[00:09:10] And by the way, Congressman Mike Mccaul, congressman Mike Gallagher, two other republicans that I worked with, Dutch Ruppersberger on the Democratic side was someone I worked closely with and a number of other people. So, it was bipartisan then, and I still believe it's, it's bipartisan now.
[00:09:25] Not enough people that are taking a leadership role on cybersecurity, but I know thankfully, uh, Senator Angus King is still there. I served with him on the Cyberspace Solarium Commission. He's an outstanding United States Senator, an independent and, and looks for ways to find the bipartisan common ground on both cybersecurity and, and other important issues facing Congress.
[00:09:46] Senator Mike Rounds is a Republican congress, a senator that, that took an interest in cyber. Both Senator King and, and Senator Rounds were extremely instrumental in helping to get a bill across the finish line that I had championed for, uh, for about a decade. And that was the creation of the National Cyber Director, a senate confirmed position of the executive officer of the President, and without the leadership of 'cause the, the Cyberspace Layering Commission.
[00:10:12] And, uh, Senator Kings, Senator Rounds and Mike Gallagher. Uh, myself all partnering together in a bipartisan way. Uh, that legislation wouldn't have made it across the finish line, but we now have, uh, a national cyber director of the executive office of President, so, Um.
[00:10:26] Blake: Such an important role. I mean, for those who don't know, kind of how the sausage gets made in the executive branch, like having a point person designated to an issue like that is so critical to get at the attention that it deserves. It's not easy to find call outs for that if you don't have that sort of central resource and, and person to go to.
[00:10:41] Rep. Langevin: I hope that that role, it will continue to grow in importance. Whether it's the Trump administration or, or future administrations. And I hope that cybersecurity remains, remains a, a bipartisan issue. I am concerned about the cutbacks I've seen at, for example, at CISA, the Cybersecurity and Infrastructure Security Agency, another agency that I hope work on work to create and strengthen and a property resource over the years.
[00:11:05] And unfortunately, it's taken a turn when, when CISA's budget and, uh, personnel work work cut, and especially there was a cutting of funding for things like election security to state and local governments. That's really troubling. That's concerning because that's a, a resource that, uh, was being used to clove, close off an aperture of vulnerability that existed.
[00:11:29] You know, we, I often said that we'll will never be a hundred percent secure. There's no such thing as, as perfect cybersecurity, but we can close down that, that apture vulnerability to something. That is much more reasonable than it is today. And newer technologies like artificial intelligence, of course, will help to do that.
[00:11:48] But you still need the people right to, to do the, a lot of the, uh, the, the, the work. And you can have all the great policies and technologies in place without the people and the resources there. Uh, we're gonna be taking a step backward, uh, on cybersecurity, not forward. And, and that's I'm troubled by the budget and personnel.
[00:12:08] Blake: It's been, you know, I live in Capitol Hill in DC and, and obviously you know the Department of Government Efficiency, that's the talk of the town here, the, the CSA cuts in particular, I will say. Have been a little bit of a head scratcher for me too, mostly because I'm remembering CSA was stood up under the first Trump administration. So I I maybe it's naive of me to think that there might be some sort of a
[00:12:30] Rep. Langevin: Hmm.
[00:12:31] Blake: desire to, for continuity there a little bit. But, uh, no really good points. And I, I guess big picture looking even beyond CISA, how are you gauging do's impact on agencies writ large with the hand in cyber? 'cause obviously it's not just CISA.
[00:12:45] Rep. Langevin: Right. Well, first of all, you know, DOGE is looking for, uh, efficiencies is they're looking to, to cut out government ways to redundancies. I'm all for that. If we can, if we can do it in a, you know, a, a thoughtful derivative, way, I, I think it's, it can, maybe there's gonna be some positives that come out of it. But we need to, to apply this with a rational approach and a, a surgical approach using a scalpel as opposed to using the sledgehammer or the chainsaw. Sweeping aside years of talent and, you know, dedicated people and, and programs before you've actually had a chance to.
[00:13:24] Actually do the deep dive on what's working, what's not, and how can we, uh, bring efficiencies and get a better bang for the buck for the taxpayer. I'm all for that. And especially on, on cybersecurity programs, maybe there's too much stove piping and we need a more enterprise type approach to cybersecurity so that we've got better situational awareness and, and, you know, information sharing more effectively. Just wholesale smashing and, you know, cutting and, and firing people, is not the right approach.
[00:13:53] Blake: Right. And then often when you take that approach, we've seen this play out too, where you might need to even rehire or sign on, sign some of the contracts back again after mixing them. And, uh,
[00:14:01] Rep. Langevin: Exactly.
[00:14:02] Blake: it'll be interesting to see how it plays out. And what will you be looking out for the next couple years of Trump's second term here? I.
[00:14:08] Rep. Langevin: Well, again, uh, where are we going to strengthen our cybersecurity efforts? How are we going to do that? How are we going to protect the .mil network more effectively? How are we gonna protect the.gov network more effectively and how will we partner with the private sector and state and local tribal territorial governments to make sure that they are more secure as well?
[00:14:29] We are in this together and we wanna make sure that, uh, we have the right focus and talent and programs and resources in place to make us as cyber secure as as possible. And again, it is a partnership. No one has all the answers.
[00:14:44] And I don't know, there's gonna be a more of a shift toward state and locals. You know, you, you take on more the responsibility. But if we're gonna do that, then, you know, how are we gonna resource that, you know, we need to make sure that the, the state and local government's properly resourced. And, and CISA, of course, uh, nobody's in charge of protecting the.com world that we don't have a general or a director sitting on.com, directing that, you know, certain vulnerabilities need to be closed off.
[00:15:12] The American people, of course, wouldn't want that level of intrusion in the, the private network. So I'm mindful of, of protecting privacy and civil liberties. But again, it, you need to have that, that partnership and wherever government can bring in resources or can information share more effectively, we need to do that.
[00:15:29] So, what I will be looking for, case in point number one, is that the Information Sharing Act of 2015 is, uh, for reauthorization grievance in September. Uh, now, I, I understand that Secretary Kristi Noem has called for reauthorization of that information sharing bill when she was at the RSA conference.
[00:15:48] I'm hoping that that act gets, uh, reauthorized sooner rather than later and not wait till September to do it. But that was a hard fought, piece of legislation to get across the finish line. Because when I first started in cybersecurity, one of the things I said, well, okay, if we, since there are vulnerabilities, when cyber attacks are going on, we need to just share that information broadly at network speed so that everybody is protected.
[00:16:13] And then you find out that, well, the, you know, the corporate lawyers say not so fast. We're not sharing information because we don't wanna be accused of collusion or anti-competitive practices so there was a, a number of things that we had to do to make sure that we were that we were, uh, protected.
[00:16:31] So they passed the information sharing bill. And that was what we thought brought down a lot of barriers to any of the legal blocks in the road for share. Unfortunately, it didn't, it never really panned out to be the panacea, the whole, you know, the realize, the full promise that I very hope that it would, but it, it did help.
[00:16:50] And we want to continue that the ability for, for companies to information share so that we are more secure.
[00:16:55] Blake: Right. At minimum breaking down, like you said, some of those liability concerns that large corporations might have, and making sure that everybody's operating with some of the same intel is still better, certainly better than no protections in place at all, and no, uh, no act, of 20, 20 15. You mentioned earlier, I did want to circle back to the AI point.
[00:17:15] I, I just, you just kind of flipped at it, that this is, you know, obviously it's kind of mandatory to talk about these days and certainly in your, in your role at Rhode Island College. I imagine that's coming up a lot with students and with, you know, people wanting to stay at the forefront of these emerging technologies. How do you see generative AI and, you know, these AgTech technologies that seem to be the buzzword of the day affecting the balance of, of cyber offense and defense?
[00:17:39] Rep. Langevin: Yeah, like, like with any new technology, I see AI, really enhancing cybersecurity and there's gonna be a lot of upsides, I believe, to ai. But like with any technology, you know, the bad actors will also take advantage of it for their advantage as well. And, and they're gonna use it to find ways around cybersecurity protocols that are, that are put in place.
[00:18:00] We just hope that there's more of an upside than downside, but I think that, that, that ai and we're already seeing it, AI can detect, anomalies much more, uh, quickly than, than it had been in the past. Again, i's vast amounts of data. So hopefully it will make cybersecurity more effective.
[00:18:18] If you think about the, the concept of digital twinning, which is a, a virtual, uh, model of a physical or virtual system. And if you are able to monitor, uh, a, a network in real time and see anomalies as they're happening, that in of itself should help the things that need to be acted on, most quickly.
[00:18:38] So, uh, I, I'm hopeful that AI will bring a lot of of good things, but we have to prepare for the downside. I'm actually chairing the Governor's AI task Force right now because Governor Dan McKee wants, uh, Rhode Island to be well positioned to take advantage of the upside of ai, but again, protecting against its downside.
[00:18:58] Blake: Right. Right. And as with any new technology, there are gonna be vulnerabilities introduced. There are gonna be adversaries leveraging it as you,
[00:19:04] Rep. Langevin: yes,
[00:19:04] Blake: uh, kind of TBDI feel like I, I always ask that question of, who's it gonna help more attackers or defenders. But I, I think the jury's still out and it's still a
[00:19:12] Rep. Langevin: it is.
[00:19:12] Blake: early to tell.
[00:19:13] Uh, but it, it's, it's always interesting to hear perspectives on that. Now this is obviously a cybersecurity podcast. We've spent some time talking about cisa and hackers and cyber policy making, but your tenure in Congress was marked by, and, and in state government before that was, was marked by action on a, a range of issues, you know, healthcare, environmental protections, accessibility and advocacy for people with disabilities.
[00:19:35] You mentioned that briefly at the outset. What's an issue outside of cyber or tech or AI that you wish cyber practitioners would, would pay more attention to, or, or that they could benefit or learn from?
[00:19:49] Rep. Langevin: One of the things we are doing at, at Rhode Island College, is we offer a, a major and a minor in cybersecurity, but we also offer a major and a minor, two minors in artificial intelligence. And one of those minors in artificial intelligence doesn't require, it's not a, technical degree, it doesn't require a technical background.
[00:20:07] It's actually applications of ai. So we are looking kind of holistically at, you know, across any field, whether it's in the medical field or in education, financial field. How can you, you use AI tools to be effective at your job and, and, uh, be more, more productive and, you know, take out the mundane aspects of, perhaps doing a job that may be a lot of, you know, uh, kind of boring data entry, but AI will help to auto automatically populate a lot of the information for the employee. Um, so I, I would like to see more people, uh, being proactive about upskilling. And that's what we hope to be able to facilitate.
[00:20:46] It's one of the findings in the governor's AI task force. We're also gonna be offering credentialing programs. One of the things that we'll do, we're offering a credentialing in, in cybersecurity right now to help people get their foot in the door. So it doesn't require, let say a two or four year degree to get into the field of cybersecurity.
[00:21:03] Getting a, a credential, we'll get you on the path to it, hopefully a, a good paying job. And, uh, and we're gonna do the same thing, uh, with artificial intelligence as well. But you are looking at things like K through 12 education. It's gonna be important both for the teachers and for the students to understand how to use ai and those are things that I'm working on right now as well.
[00:21:26] Blake: This segues into an issue that you spoke to briefly earlier, but I wanted to circle back to, which is that notion of the talent gap, right? And getting people whether K through 12 onward into higher education, interested in engaged in a cybersecurity career. Now, of course there's so much market uncertainty.
[00:21:42] You're seeing the private sector slow down. In some respects, there have been changes in government functions and agencies and cuts. What are you saying if somebody comes to you and says, Congressman, I, I am interested in a career in cybersecurity, a young promising student. what do you say to them?
[00:21:58] Rep. Langevin: Well, there was still a lot of jobs that go un field in the field and, and I would tell young people, especially today don't overlook the fact that you're growing up as a digital native. And understand technology far better than someone say, like myself, who I've had to kind of grow up learning about computers as I've, as I've gone and look back and say, okay, how does this technology work?
[00:22:18] Where kids these days take to technology, like fish to water and, and they have skills that they probably not even aware that they have, but just intuitive for them. And so I, I would, still encourage people, I, I still do, to encourage them to look at a, a field like cybersecurity. Also harnessing the skills of, of artificial intelligence.
[00:22:38] It's gonna be increasingly important in the job market going forward, to be familiar with AI. One of the statistics that, uh, that we came across in our work on the, the Governance's AI Commission Government McKees AI Commission, is the fact that, well over 60%, I think it was in the upper sixties percent of employers were, are more likely to hire an employee that has some AI skills, but less experience over an employee that has a lot more experience, but no AI skills. AI is gonna be increasingly more and more relevant as a skill to have and to, to master. And you don't necessarily have to have a degree in it, but you have to be familiar with how to use the technology and. And be effective at it.
[00:23:21] Blake: I'm trying to integrate it more into my workflows and daily life as well. It's a whole new skill to learn and Yeah. I, I appreciate your point. Don't underestimate that. If you're coming into it as a digital native and, and have just been, you know, using these apps and. AI tools.
[00:23:34] I've got an 18 month old, and it's kind of alarming. I, I don't even, we try to shelter him from technology and phones as much as possible, but if he gets his hand on a phone, he already knows how to swipe. Where did you pick that up? How did you
[00:23:44] Rep. Langevin: Alright.
[00:23:44] Blake: really amazing. Uh, so finally, and thank you so much for your time and insights today, Congressman. But we, we do have a question that we ask all of our guests on the podcast, which is, what's something that we wouldn't know about you just by looking at your LinkedIn profile?
[00:24:01] Rep. Langevin: Yeah, it's, I guess I would say that I'm a big sci-fi fan. I love Star Wars and Star Trek. That's something that, I'm a trecky. Uh, I am a, you know, child.
[00:24:10] Blake: both? Is that allowed? Are they,
[00:24:11] Rep. Langevin: Oh, I hope so. I love both, so, yeah. Yeah. So that's me. That's definitely, that's not on my LinkedIn page, so, uh, but I'm, I'm a huge Star Wars fan, so
[00:24:21] Blake: Oh, that's, that's good. I hope you, I hope you're all caught up on and, or no, no spoilers for our listeners if they're not, because it's a, it is an excellent one.
[00:24:27] Rep. Langevin: yeah. Not, not yet, but, uh, I, I, I need to do that.
[00:24:31] Blake: Excellent. Excellent. Well, thanks again for joining me on the podcast. Great to have you, uh, Congressman Langevin.
[00:24:37] Rep. Langevin: Thank you, Blake. It's great to be with you.