Congress Debates Renewal of National Cyber Director RoleLegislation Calls for Creating Cybersecurity Office at White House With Staff of Up to 100
The U.S. should restore the position of cybersecurity coordinator at the White House because the number of threats against the nation is increasing, several security experts testified this week at a House hearing. But some Republicans question whether the move would create unnecessary bureaucracy.
See Also: Threat Briefing: Ransomware
The U.S. House Committee on Oversight and Reform hearing on the nation’s cybersecurity preparedness included discussion of a bipartisan bill introduced in June that calls for creation of a national cyber director role within the White House – a position eliminated by the Trump administration in 2018.
Cybersecurity experts testified that the cyber director role is necessary to help mitigate threats and coordinate strategy across all federal agencies.
"Unfortunately, as a nation we still remain woefully underprepared to deal with this ongoing and serious [cyber] conflict," Jamil Jaffer, the founder and executive director of the National Security Institute, told the committee. "It is estimated that the cyber-enabled economic warfare conducted by China - primarily focused on the U.S. private sector - drains private companies of billions of dollars a year, with total damage estimates running well into the trillions of dollars."
Under the pending legislation, called The National Cyber Director Act, the director would act as the president's principal adviser on cybersecurity (see: Commission Calls for Revamping US Cybersecurity).
"A challenge as complex and pervasive as cybersecurity requires that our government be strategic, organized and ready," says Rep. Carolyn Maloney, D-N.Y., chairwoman of the House committee and a co-sponsor of the legislation. Creating the cyber director position would help ensure the federal government can swiftly respond to cyberattacks, she added.
Another co-sponsor of the bill, Rep. Mike Gallagher, R-Wis., noted that under the legislation, the Office of the National Cyber Director would be staffed with 75 to 100 employees, enabling the federal government to create a comprehensive cybersecurity strategy.
Some committee members, however, including Rep. James Comer, R-Ky., expressed concern that creating that new office would add an unnecessary layer of bureaucracy.
"We cannot afford to introduce inefficiencies or bureaucratic hurdles to the government’s ability to respond to a national cybersecurity incident in real time," Comer said, according to The Hill.
Securing Critical Infrastructure
The committee also heard from Amit Yoran, CEO of cybersecurity firm Tenable, who pointed to a 2019 report by the company that found 90% of critical infrastructure operators stated their environments had been damaged by at least one cyberattack over the past two years, with 62% experiencing two or more attacks.
"The impacts here could vary greatly, which is why we need a systemic understanding of risk and why a national cyber director needs to work closely with the regulatory agencies that do exist," Yoran said.
A new cybersecurity office at the White House would help to ensure oversight of security throughout the government and enable better deployment of government cyber resources, Yoran testified.
This week's hearing took place the same day that several high-profile Twitter accounts - including those of Democratic presidential candidate Joe Biden and former President Barack Obama - were hijacked to propagate a cryptocurrency scam (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).
At a June hearing conducted by another House panel, experts warned that financial institutions are not equipped to mitigate the latest cyberthreats - including hacking campaigns, ransomware attacks, cryptojacking, intellectual property theft and business email compromise schemes - that have surged during the COVID-19 crisis (see: Congress Hears of Fresh Cyberthreats to US Financial Firms).