Put cybersecurity chief in DHS not the White House, Senator says

More

Obama and tech

• Obama budget halts IT growth, cuts data centers
• White House cyber czar and other security non-events of 2009
• Obama backs U.S. return to math, science, tech
• Obama said to be close again to naming cybersecurity chief
• Put cybersecurity chief in DHS not the White House, Senator says
• Report: Obama close to appointing White House cybersecurity chief
• Developers build useful, fun apps with fed data
• White House tells agencies, think 'open innovation'
• The cybersecurity job no one really wants
• Pressure on Obama to move fast on cybersecurity appointment

More: Obama tech watch

Computerworld - Five months after President Obama announced the need for a White House-appointed coordinator to oversee national cybersecurity affairs, the debate continues in Washington over whether such a coordinator would be more effective if outside the White House.

Senator Susan Collins (R-Maine), the Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, raised the issue most recently. Delivering a speech on cybersecurity issues at George Washington University on Monday, Collins rejected the idea of a White House led cybersecurity effort and insisted the leadership would have to come from the U.S. Department of Homeland Security (DHS).

"Effectively managing government cybersecurity is going to require more than a few staff crammed into a cubicle in the depths of the White House," Collins said in her speech.

She said that while the National Security Agency and other intelligence agencies have the needed cybersecurity resources, "privacy and civil liberties" issues preclude them from taking leadership.

As a result, any effort to secure civilian government and critical infrastructure against cyber threats needs to be led by the DHS, Collins said. Only the DHS has the ability to provide the aggressive oversight and continuous real-time security monitoring and analysis that is needed, she said. A cybersecurity office "anchored at DHS, with a strong and empowered leader would close the coordination gaps that currently exist in our disjointed federal efforts," she said.

The director of such a federal cybersecurity effort at DHS could serve as a principal advisor to the President on cybersecurity matters and report directly to the Secretary of Homeland Security, she suggested.

The dual lines of responsibility would give the director the needed clout to interact "effectively and directly" with department and agency heads on cybersecurity matters she said.

Collins' speech yesterday echoed the opposition that she and other lawmakers have expressed over the past few months to the notion of a White House cybersecurity coordinator.

Collins and the others have argued that putting the White House in charge of cybersecurity would make it harder for Congress to oversee policies and budgets. At a confirmation hearing for Rand Beers as the undersecretary for the DHS' National Protection and Programs Directorate earlier this year, Sen. Joseph Lieberman (Ind-Conn.), expressed concern that a White House cyber office would "undercut the role of the DHS".

Several lawmakers have said that they would not approve any funding for such a White House-appointed cybersecurity office.

Meanwhile even many who had originally supported the idea of a White House cybersecurity coordinator have been expressing increasing doubt over the effectiveness of the role. Far from being the game-changing role that some had hoped it would be, the new position is increasingly being seen as one that has been watered down to the point of inconsequence thanks to inter-agency politics.

It's a perception that is being bolstered by the Obama Administration's continuing delay in naming an appointee to the White House cybersecurity coordinator role more than five months after the position was announced in May.

In announcing the role, Obama had said the White House cybersecurity coordinator would be responsible for overseeing a national strategy for securing American interests in cyberspace. He had described the move as an attempt to give cybersecurity the "high-level focus and attention" it deserved at a time when critical government, military and private sector targets were coming under increasing attacks by adversaries.

He had noted that no single person was currently responsible for overseeing the U.S. government's cybersecurity efforts and that the situation needed to change.

Though five months have passed since that announcement, no one has been appointed to the role yet.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.