U.S. leaders must establish new ways to boost cybersecurity, but the onus of defending against campaigns such as the one presumably run by Russia to influence the 2016 presidential election may fall to federal agencies and U.S. citizens if Congress and senior officials can’t get the job done, according to one congressman.

“In the same way that we are now better at our diets and sorting out junk food, and better at pollution and keeping our environment clean, we’re going to have to learn new skills of keeping the pollution and junk food” out of cybersecurity, Sen. Sheldon Whitehouse said Nov. 28 at the CyberCon 2017 conference in Arlington, Virginia..

Much of the work in improving cybersecurity across the country lies in the hands of the American people and federal agencies, he added, noting that the U.S. can’t necessarily rely on lawmakers or top leaders to get the job done. It’s particularly pressing as the U.S. faces emerging threats online.

“We have seen in the last election, and we’re going to continue to see … a melding of cyber hacking and weaponized fake news that is used to manipulate American public opinion to the advantage of foreign antagonists — that is a fairly new phenomenon,” Whitehouse said.

“The cyber part is not that complicated; hacking the [Democratic National Committee] was an afternoon’s work for somebody. But the strategy of using that information and running through a weaponized fake news matrix in order to get information out selectively and affect American public opinion isn’t going away.”

Whitehouse highlighted a range a potential ways Capitol Hill lawmakers and U.S. officials could boost federal cybersecurity, including an inspector general-type role that monitors federal agencies and their network security. He added that a “roving IG for cyber” could become an office that serves as a resume-booster for those who work there and a driver of better cyber hygiene throughout the government.

“It was distressing to me when Attorney General [Jeff] Sessions came into the Judiciary Committee the other day and he could not name the person in the Department of Justice responsible for cybersecurity legislation,” Sen. Whitehouse said.

“My guess is there is no such person, but that’s not where we should be. [Director of National Intelligence Dan] Coats and Attorney General Sessions should begin this conversation now … because getting through Congress on this is a mess.”