It's unclear whether a report being prepared for President Barack Obama on federal information security preparedness will support recent calls for the creation of a new cybersecurity office within the White House, two lawmakers said today.
Instead, the report may recommend a more collaborative and cooperative strategy among federal agencies on the issue of cybersecurity without a single agency or department in charge, they said.
Members of the U.S. House Cybersecurity Caucus today met with Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council.
Hathaway, who is conducting a 60-day review of federal cybersecurity preparedness on behalf of the president, today presented a status report to members of the caucus.
Speaking with reporters after the briefing, Rep. James Langevin (D-R.I.), co-chair of the caucus, and Rep. Yvette Clarke (D-N.Y.), chairwoman of a subcommittee within the Committee on Homeland Security, said it was unclear yet what Hathaway might recommend.
Rather than "include another structure" within the White House, there may be a call for an increase in staffing within the White House Office of Management and Budget (OMB) in a bid to improve its current role of overseeing government cyberaffairs, said Langevin. Chances are "there will not be one king," he said.
Langevin co-chaired a commission at the Center for Strategic and International Studies, a bipartisan think tank, that has called for the creation of a centralized cybersecurity office in the White House to be named the National Office for Cyberspace. The new office could combine the National Cyber Security Center (NCSC) and the Joint Interagency Cyber Task Force, two existing agencies that are handing cybersecurity today.
The U.S. Government Accountability Office (GAO) has also called for a new office dedicated to cybersecurity within the White House. Calls have been prompted by what is perceived as the inability of the U.S. Department of Homeland Security to lead the nation's cybersecurity mission.
Hathaway's report will also look at public-private partnerships in the area of information security and address the issue of ownership of such partnerships, Clarke said. The review will examine what regulations and incentives are most likely to engender cooperation from the private sector, she said.
Langevin said that as part of the effort, Hathaway is talking to various regulatory bodies to figure out what is working and what isn't. "Clearly, this is not going to be one or the other. It's going to be a combination of both," Langevin said, pointing to the model employed by the federal government to address the Y2k problem as an example.
In conducting the review, Hathaway is soliciting input from privacy and civil rights groups that might be concerned about the implications of the nation's cybersecurity efforts on privacy and individual rights, the representatives said. Such concerns came to the fore recently following the resignation of Rod Beckstrom as director of the NCSC. In quitting, Beckstrom cited lack of support for his office from within the DHS and what he said were the growing number of attempts by the National Security Agency (NSA) to take control of domestic cybersecurity affairs.
Beckstrom's resignation lifted the lid on widespread opposition to the notion of a spy agency such as the NSA playing a leading role in national cybersecurity affairs.