Governance & Risk Management

W.H. Cyber Office Questioned

Concern Over Lack of Oversight Raised
W.H. Cyber Office Questioned
Opposition to the creation of a cybersecurity office within the White House surfaced at a Senate hearing Tuesday, as the ranking Republican member of the panel and a former Department of Homeland Security official pointed to problems they perceive such a post would present.

Several bills before Congress, including a measure to be introduced Tuesday to reform the Federal Information Security Management Act, call for the creation of an Office of Cyberspace that would establish policy and coordinate information security across the federal government. White House cybersecurity advisor Melissa Hathaway, in a speech last week before the RSA Conference, strongly suggested the need for such an office.

But Sen. Susan Collins, R.-Maine, ranking member on the Senate Committee on Homeland Security and Governmental Affairs, said establishing such a White House office could limit Congressional oversight on cybersecurity. Instead, she said Congress should consider leaving much of the coordination of federal civilian cybersecurity to the Department of Homeland Security.

Because of the separation of powers, Congress is limited on compelling White House officials to testify before its committees, a constraint that doesn't exist with officials from cabinet departments and agencies. "We have to proceed carefully so we don't create a whole new round of turf battles and inadequate Congressional oversight," Collins said at Tuesday's committee hearing on cybersecurity.

Stewart Baker, former Homeland Security assistant secretary for policy, testified that creating a cybersecurity office within the White House wouldn't necessarily speed up the government's increased response to cyber attacks as it would go through the growing pains of any new organization.

Supporters of a White House cyber office point to failures within existing agencies in addressing cybersecurity as a reason to create a new organization, Baker said, adding that supporters have an idealized vision and unrealistic vision of that new group. "Since the whole point of the new organization is to cure the failings of the old organization, I think it's fair to say that the proponents of change never imagine an understaffed, overworked agency that drops balls," Baker said. "More or less by definition, an organization that does not exist does not have any flaws. So there's a great temptation to give this new organization great responsibility. After all, the old agencies have sometimes failed, and the new agency has not."

Baker conceded that Homeland Security's execution of its cybersecurity responsibilities in the past have not been perfect, but the department has spent much of the past year improving its record. "It has able new leadership and a head start on creating the capabilities it needs," he said. "I would be inclined to build on that foundation rather than starting over."

James Lewis, a senior fellow for technology and public policy at the Washington think tank, the Center for Strategic and International Studies, said a major reason previous administrations have failed to secure the nation's digital infrastructure was divided responsibility among many agencies and White House offices. "Our opponents exploit these divisions," he testified.

"In the previous administration," Lewis said, "the White House assigned DHS the lead role for cybersecurity, but this was beyond its competencies. DHS is not the agency to lead intelligence, military, diplomatic or law enforcement activities. This does not mean that DHS does not have an important role; however, and properly scoping the role and responsibility of DHS and then providing adequate resources for those responsibilities is an urgent task for this administration."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.