Policymakers debate White House's role in cybersecurityLawmakers and public policy experts clashed Tuesday at a U.S. Senate committee hearing over whether cybersecurity control should be taken away from the U.S. Department of Homeland Security (DHS) and placed under the White House's purview.
The Committee on Homeland Security and Governmental Affairs heard testimony about whether an executive White House office in charge of cybersecurity coordination should be created, as recommended by the Commission on Cybersecurity for the 44th Presidency in December. That report said that a new National Office for Cyberspace (NOC), an executive White House office in charge of cybersecurity coordination, was essential for the United States.
Many have praised the commission's recommendations, but Stewart Baker, former assistant secretary of the DHS said Tuesday that he questions how effective and efficient a reorganization of government cybersecurity coordination would be.
“The more I've seen of government reorganizations, the more skeptical I've become about their value, and I'm especially skeptical about the recommendation to create a NOC,” Baker said.
He said reorganizing takes time. It requires things such as hiring staff, finding space and arranging IT support before any real work can begin. He said it could be years before the public sees any benefits from the new structure.
“I believe that the commission, and others who wish to strip DHS of cybersecurity responsibilities, fall prey to the perfection of imagined alternatives,” Baker said.
James Lewis, director of Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), said the White House should serve as the coordination point for cybersecurity. Placing control of cybersecurity into an office at 1600 Pennsylvania Ave. is a message that the country is declaring cyberspace a critical asset that will be protected, he added.
“The United States needs to develop a strong offensive capability and to place this capability in the context of a well-defined chain of command leading up to the president,” Lewis said.
“In the previous administration, the White House assigned DHS the lead role for cybersecurity, but this was beyond its competencies,” he added. “DHS is not the agency to lead intelligence, military, diplomatic or law enforcement activities.”
A power struggle among federal agencies has been growing in recent months. In early March, the director of the National Cybersecurity Center, Rod Beckstrom, resigned, saying the DHS's cybersecurity efforts are "controlled" by the National Security Agency.
Ranking member of the Senate committee, Sen. Susan Collins, R-Maine, compared Tuesday's debate with one several years earlier regarding the placement of the National Counter Terrorism Center (NCTC).
Ultimately, that division never was moved to the auspices of the White House, which Collins said allowed for critical Congressional oversight. The NCTC now follows the policy direction of both the White House and the National and Homeland Security councils.
While the debate over which entity should regulate cybersecurity has heated up in the Senate, the president's 60-day review of cybersecurity policy was recently concluded, with few details revealed. The report, though, is expected to recommend that the White House play a greater role in organizing cybersecurity policy.
Earlier this month, a bill was introduced in the Senate to establish the position of national cybersecurity adviser, who would report to President Obama. In addition, the president recently appointed a federal CTO and CIO.