Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Calls Grow to Restore White House Cybersecurity Leader RoleLack of Cybersecurity Leadership, Direction Cited by Government Watchdog
The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish a White House cybersecurity coordinator role. The position would coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
In a new report, "Clarity of Leadership Urgently Needed to Fully Implement the National Strategy," the federal watchdog recommends that Congress consider legislation to designate a leadership position in the White House and give it the authority to implement and encourage action in support of the nation's cybersecurity.
President Barack Obama created the role of White House Cybersecurity Coordinator in 2009. The Trump administration eliminated the position two years ago, promising that the responsibilities would be delegated to others. But the GAO's report says restoring the position in some form is crucial for addressing continuing cybersecurity gaps in the executive branch.
Efforts to reestablish the position have bipartisan support. Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, and Republicans from the Cyberspace Solarium Commission have both backed the GAO's recommendation (see: Congress Debates Renewal of National Cyber Director Role).
"Cyberattacks are one of the top threats to our nation’s critical infrastructure, safety, and economic security," says Maloney, who has been driving legislation to recreate the position. "According to GAO, the White House lacks clear leadership in implementing the nation’s cybersecurity strategy, particularly in light of the administration’s elimination of the White House Cybersecurity Coordinator position in May 2018."
Maloney and 17 other Republican and Democratic lawmakers are sponsoring the National Cyber Director Act, which was introduced in June by Jim Langevin, D-R.I.. It calls for the creation of a White House-level cybersecurity post.
The bill would create the position of a national cyber director within the White House. The director would serve as the president's principal adviser on cybersecurity and associated emerging technology issues and function as the lead national-level coordinator for cyber strategy and policy.
The bipartisan Congressional Cyberspace Solarium Commission also backs the GAO's recommendation.
"The GAO report is further confirmation of the Solarium Commission's conclusion that strong, central leadership is needed to address increasing cyber threats," according to a statement from the Solarium Commission, which includes co-chairs Sen. Angus King, I-Maine, Rep. Mike Gallagher, R-Wis., along with Sen. Ben Sasse, R-Neb., and Langevin. "We strongly support GAO's recommendation that Congress enact legislation designating a leadership position in the White House for cybersecurity, complete with the authority and stature required to coordinate and integrate federal actions."
GAO: Current Cybersecurity Leadership Unclear
The GAO states in its report that the White House has lacked clear leadership in implementing the nation's cybersecurity strategy since the Trump administration eliminated the cybersecurity soordinator position in 2018, when it was held by National Security Agency official Rob Joyce, who subsequently returned to the NSA.
The decision to eliminate the role earned a sharp rebuke from information security experts, lawmakers and former government officials (see: White House Axes Top Cybersecurity Job).
The GAO report warns that this centralized position is needed now more than ever, especially because it's unclear which government official has the ultimate responsibility for coordinating the execution of the National Security Council's 2019 Implementation Plan, which describes the executive branch’s approach to managing the nation's cybersecurity.