Creation of White House cybersecurity office remains uncertain
Chances are 'there will not be one king,' one lawmaker said
Computerworld - It's unclear whether a report being prepared for President Barack Obama on federal information security preparedness will support recent calls for the creation of a new cybersecurity office within the White House, two lawmakers said today.
Instead, the report may recommend a more collaborative and cooperative strategy among federal agencies on the issue of cybersecurity without a single agency or department in charge, they said.
Members of the U.S. House Cybersecurity Caucus today met with Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council.
Hathaway, who is conducting a 60-day review of federal cybersecurity preparedness on behalf of the president, today presented a status report to members of the caucus.
Speaking with reporters after the briefing, Rep. James Langevin (D-R.I.), co-chair of the caucus, and Rep. Yvette Clarke (D-N.Y.), chairwoman of a subcommittee within the Committee on Homeland Security, said it was unclear yet what Hathaway might recommend.
Rather than "include another structure" within the White House, there may be a call for an increase in staffing within the White House Office of Management and Budget (OMB) in a bid to improve its current role of overseeing government cyberaffairs, said Langevin. Chances are "there will not be one king," he said.
Langevin co-chaired a commission at the Center for Strategic and International Studies, a bipartisan think tank, that has called for the creation of a centralized cybersecurity office in the White House to be named the National Office for Cyberspace. The new office could combine the National Cyber Security Center (NCSC) and the Joint Interagency Cyber Task Force, two existing agencies that are handing cybersecurity today.
The U.S. Government Accountability Office (GAO) has also called for a new office dedicated to cybersecurity within the White House. Calls have been prompted by what is perceived as the inability of the U.S. Department of Homeland Security to lead the nation's cybersecurity mission.
Hathaway's report will also look at public-private partnerships in the area of information security and address the issue of ownership of such partnerships, Clarke said. The review will examine what regulations and incentives are most likely to engender cooperation from the private sector, she said.
Langevin said that as part of the effort, Hathaway is talking to various regulatory bodies to figure out what is working and what isn't. "Clearly, this is not going to be one or the other. It's going to be a combination of both," Langevin said, pointing to the model employed by the federal government to address the Y2k problem as an example.
In conducting the review, Hathaway is soliciting input from privacy and civil rights groups that might be concerned about the implications of the nation's cybersecurity efforts on privacy and individual rights, the representatives said. Such concerns came to the fore recently following the resignation of Rod Beckstrom as director of the NCSC. In quitting, Beckstrom cited lack of support for his office from within the DHS and what he said were the growing number of attempts by the National Security Agency (NSA) to take control of domestic cybersecurity affairs.
Beckstrom's resignation lifted the lid on widespread opposition to the notion of a spy agency such as the NSA playing a leading role in national cybersecurity affairs.
Tech watch: Obama administration
- Obama's Web 2.0 'town hall' draws 92,000 users
- New federal CIO Vivek Kundra wants a Web 2.0 government
- White House changes course, appoints its first federal CIO
- Obama's plans for health care IT: Too much money too soon?
- Obama taps Bush aide to review federal cybersecurity efforts
- Obama lauds Intel plan to invest $7B in chip plants
- Obama plan says cyber infrastructure is 'strategic'
- Is Obama's handheld really a BlackBerry, or something else?
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts