Pros and Cons of a Cybersecurity Czar
Add IT advisor Gartner to those who feel a cybersecurity czar is unnecessary. In a recent report, Gartner says what the nation needs is a federal chief information security officer, not a cybersecurity leader. "The bottom line is that increasing the national cybersecurity is an operations issue," the Gartner report says. "The problems are well-understood, solutions are known, and gaps have been identified. Organizations with high security in private industry and government almost invariably have a strong security office and a chief information security officer, and that should be the model that the U.S. government follows."
Gartner joins a small, but growing chorus of people who question the need of a White House operation leading cybersecurity. Sen. Susan Collins, R.-Maine, ranking member on the Senate Committee on Homeland Security and Governmental Affairs, said establishing such a White House office could limit Congressional oversight on cybersecurity. Instead, she said, Congress should consider leaving much of the coordination of federal civilian cybersecurity to the Department of Homeland Security.
Should there be a strong presence in the White House to guide cybersecurity policy?
Because of the separation of powers, Congress is limited on compelling White House officials to testify before its committees, a constraint that doesn't exist with officials from cabinet departments and agencies. "We have to proceed carefully so we don't create a whole new round of turf battles and inadequate Congressional oversight," Collins said at a committee hearing on cybersecurity late last month.
At that same hearing, Stewart Baker, former Homeland Security assistant secretary for policy, testified that creating a cybersecurity office within the White House wouldn't necessarily speed up the government's increased response to cyber attacks as it would go through the growing pains of any new organization.
Still, more voices seem to support the idea of establishing a White House office to oversee federal cybersecurity. The highly respected Commission on Cybersecurity for the 44th Presidency calls for one, as do two bills before the Senate.
Commission Co-Chair and retired Air Force Gen. Harry Raduege, in an interview with GovInfoSecurity, said the panel felt a need to elevate the importance of cybersecurity and establish oversight at the highest level of government because information technology permeates every part of the our national life. With a number of agencies involved in cybersecurity, Raduege said, the commission felt that government needed "someone who would orchestrate and pull all of those responsibilities and key activities together."
A public-policy group financed by major defense and IT contractors calls for the creation of a high-level cybersecurity executive in the White House. "Leadership is the key issue to solve most, if not all, U.S. cybersecurity issues, problems and challenges," a recent report issued from the Intelligence and National Security Alliance says. "Progress in any cybersecurity area cannot occur without proper leadership because roles, missions and responsibilities overlap and are not sufficiently clear. Without firm leadership, attempt to make real progress will be lost."
Should the government establish an Office of Cybersecurity in the White House? Share your thought below.