Commission to recommend DHS loses cybersecurity oversight role

By Jason Miller
Executive Editor
FederalNewsRadio

The Government Accountability Office Tuesday issued three separate reports on the Homeland Security Department’s progress in securing federal computer networks and working with industry to help them defend their information technology systems.

Auditors in all three reports found significant shortcomings from organization inefficiencies to not making warning to other agencies and industry based on timely and actionable information to making sure it updates their cyber exercise, called Cyber Storm, before running the next one.

David Powner, GAO’s director of information management issues, told House Homeland Security Committee lawmakers Tuesday that until DHS addresses many of these issues, the nation’s cyber infrastructure remains at “unnecessary risk of significant cyber incidents.”

But experts say GAO’s latest findings are symptoms of a larger problem. The cyber threat has grown beyond DHS’s ability to organize and oversee.

Jim Lewis, the director of the Center for Strategic and International Studies’ technology and public policy program, says the federal agencies face a problem of international proportions. He adds that the government needs an organization that can bring all the different pieces together to defend federal networks.

“Only the White House has the authority to oversee cybersecurity,” Lewis says. “Many functions need to move to the National Security Council.”

This idea will be a key recommendation from the Commission on Cyber Security for the 44th Presidency.

Lewis is the project director of the commission. He told lawmakers on the Emerging Threats, Cybersecurity and Science and Technology subcommittee that the U.S. lacks a coherent strategy for addressing this challenge.

“The intelligence community has the necessary capabilities, but giving it a lead role poses serious constitutional problems,” Lewis says. “The Defense Department is well suited to manage a national mission, but giving it the lead suggests a militarization of cyberspace. We concluded that only the White House has the necessary authority and oversight for cybersecurity.” Lewis add that the Office of Management and Budget’s e-government and IT office has done a good job over the past seven years in improving federal cybersecurity. But OMB’s e-government office’s role doesn’t reach high into the White House.

He says agencies don’t look to OMB for counter intelligence, terrorism or law enforcement cybersecurity guidance.

This preliminary recommendation follows several existing federal models. Previous administrations have put other priorities in the White House including the Drug Czar, weapons of mass destruction and counter intelligence.

Rep. Jim Langevin (D-R.I.), the subcommittee chairman, says the model the commission is proposing is similar to what the Bush administration did with the intelligence community. The Office of the Director for National Intelligence oversees and coordinates policy decisions for the 16 intelligence agencies. While the Office of Management and Budget works with ODNI on budget issues.

“We need to elevate the issue of cybersecurity and have better coordinated strategy on cybersecurity,” he says. “I don’t think it has been thought out well enough yet and the design to have a lot of it in DHS with no clear person in charge is the right strategy.”

Langevin and ranking member Mike McCaul (R-Texas) also announced at the hearing the launch of a new House Cybersecurity Caucus.

“The purpose of this caucus is to raise awareness and provide a forum for members representing different committees of jurisdiction to discuss the challenges in securing cyberspace,” Langevin says. He adds the caucus will have its first meeting in January.

Paul Kurtz, a former special assistant to the President for cybersecurity, says the caucus is a good idea because it will focus the direction of where cybersecurity and the next administration needs to go.

But Kurtz was quick to add that the executive branch must reorganize.

McCaul says the committee’s priority is to make sure cybersecurity is on the next administration’s radar screen.

Congress also will play a role. CSIS’s Lewis says the next Congress must revamp three key pieces of legislation-the Clinger Cohen Act, the Federal Information Security Management Act and certain investigative authorities as related to cyber space.

Lewis calls this work “an unavoidable challenge.”

The commission still is debating its final recommendation as it relates to regulations and laws. Lewis says what they do know is the new organization in the White House must not be prescriptive in nature, but define minimal security thresholds.

—–
On the Web:

FederalNewsRadio – New cyber strategies under development

Government Accountability Office – DHS faces challenges in establishing a comprehensive national capability (pdf)

Government Accountability Office – DHS needs to better address its cybersecurity responsibilities (pdf)

Government Accountability Office – DHS needs to fully address lessons learned from its first Cyber Storm exercise (pdf)

(Copyright 2008 by FederalNewsRadio.com. All Rights Reserved.)

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.