Collins: Put Cyber "Czar" in DHSInfluential Senator's Plan Would Shift Power from White House
The ranking Republican on the Senate Homeland Security and Governmental Affairs Committee proposes the administration's cybersecurity coordinator be posted to the Department of Homeland Security and not the White House, putting her at odds with the panel's chairman, a vocal group of congressional representatives and an influential government-private sector panel.
In a speech delivered Monday at the Homeland Security Policy Institute at George Washington University, Sen. Susan Collins said the White House is ill-equipped to coordinate cybersecurity policy and process. "Effectively managing government cybersecurity is going to require more than a few staff crammed into a cubicle in the depths of the White House," the Maine Republican said.
Collins proposes establishing a cybersecurity center anchored within DHS with a strong leader who would coordinate gaps that exist in what she perceives as disjoined federal IT security efforts. The director, who would be confirmed by the Senate, would enforce compliance with cybersecurity standards developed by the Office of Management and Budget and the National Institute of Standards and Technology.
Some of Collins' views parallel revisions in the latest version of legislation aimed at reforming the Federal Information Security Management Act sponsored by Sen. Tom Carper, D.-Del., such as granting the director the authority to review - but not approve - IT security budgets and IT acquisition policies of other agencies. "The Director should not be responsible for micromanaging individual procurements or directing investments," she said. "But we have seen far too often that security is not a primary concern when agencies procure their IT systems. Recommending security investments to OMB and providing strategic guidance on security enhancements early in the development and acquisition process will help bake-in security. Cybersecurity can no longer be only an afterthought."
Last week, Sen. Joseph Lieberman, the Senate committee's chairman, endorsed the idea of a Senate-confirmed cybersecurity adviser in the White House, a position favored by a number of other lawmakers as well as the Commission on Cybersecurity for the 44th Presidency, a panel of highly respected public and private sector commissioners who proposed late last year an Office of Cyberspace in the White House.
"Some will argue that a single federal department or agency is not muscular enough to direct other federal departments and agencies to secure their IT infrastructure," Collins said. "But Congress has dealt with complex challenges involving the need for interagency coordination in the past. We have established strong leaders with supporting organizational structures to coordinate and implement action across agencies, while recognizing and respecting disparate agency missions."
Collins envisions the cybersecurity director to serve as the principal adviser to the president on cybersecurity. "For day-to-day operations, the center would utilize the resources of DHS, and the director would report directly to the Secretary of Homeland Security," she said. "These dual lines of responsibility would give the director sufficient rank and stature to interact effectively and directly with the heads of other departments and agencies and with the private sector."
President Obama in May proposed naming a cybersecurity coordinator who would manage cybersecurity policy from the White House, but not be as high ranking as some lawmakers and the 44th Presidency Commission proposed. Plus, that post would not require Senate confirmation, which drew the ire of Collins and others because of the lack of accountability to Congress. Obama's coordinator, a post that remains vacant, would report not directly to the president by to the heads of the National Economic and National Security Councils.
Collins said her plan doesn't mean the NSC - performing its traditional coordination role - would need to ensure that our military, intelligence and law enforcement activities complement and inform our efforts to protect our civilian networks. "But, she said, "that traditional role does not require a cyber czar. It requires a strong civilian counterpart to the secretary of Defense, director of National Intelligence and the attorney general. The director would serve as that counterpart."