The ranking member of the U.S. Senate's Homeland Security Committee, Susan Collins (R-Maine), today raised questions about recent calls for a direct White House role in coordinating national cybersecurity affairs.
At a hearing this morning on strategies for securing cyberspace, Collins said that putting the White House in charge would make it harder for Congress to exercise needed oversight over critical cyber policies and budgets.
Those concerns emerged even as another lawmaker -- Sen. Thomas Carper (D-Del.) -- announced that he is introducing a bill to establish a National Office for Cyberspace that would report to the president. Under the United States Information and Communications Enhancement Act of 2009, the director of that office would be appointed by the president and would be in charge of implementing a governmentwide strategy for securing cyberspace.
Carper's bill is similar to two others introduced jointly by Sens. Olympia Snowe (R-Maine) and Jay Rockefeller (D-W.Va.). Those bills also want to set up a cybersecurity office in the White House and include a provision that would allow the president to disconnect government and private entities from the Internet for national security reasons or in a cyberemergency.
Collins today urged a cautious approach to such proposals. "We have to be really careful about creating a new office within the office of the president," she said. Doing that would "diminish our ability to exercise Congressional oversight" of cyber issues, she added.
"That is not to say that we are looking at the [Department of Homeland Security] to make decisions on declaring [cyber] war," Collins said. "Obviously, that is something the president would do with Congressional input," she said. The key is to avoid turf battles, inadequate Congressional oversight and unclear lines of authority, she said. "We need to strengthen cybersecurity, and the question is how best to do this," Collins said.
She suggested that the government use as a model the National Counterterrorism Center (NCTC), which was established in August 2004 on the recommendations of the 9/11 Commission. The NCTC works in the Office of the Director of National Intelligence (ODNI) -- a setup that allows for greater Congressional oversight, she said.
"This new administration has shown a tendency to appoint specialists and czars" for virtually every important function, Collins said, noting that such moves can lead to agency conflicts and hamper oversight. "Congressional oversight is critical to making real progress," she said.
Stewart Baker, a former assistant secretary at the DHS and now a partner at Steptoe & Johnson LLP, a Washington-based law firm, also argued against the creation of a White House office for cybersecurity. Baker said that while there is a need to better organize our defenses in cyberspace, the goal should be to strengthen the DHS's ability to handle the task by giving it needed resources and support from agencies such as the National Security Agency and the military.
Baker said he disagrees with the notion that "DHS is not doing everything it should, [so] consequently we should dream up a new [entity] that would perform all of the functions that the DHS should be doing. I don't think we want to be in this conversation two years from now, looking at a new organization that has failed. It's a recipe for treading water."
The concerns aired today suggest that the idea of a White House cyber office could turn out to be as contentious as the creation of the NCTC. They come at a time when the DHS, which is supposed to be the lead agency on cyber matters, has come under increasing criticism for failing to live up to its mandate at a time when the country's interests in cyberspace face an unprecedented range of threats.
Others have also recently voiced support for a presidential role in cyber affairs. Melissa Hathaway, President Obama's acting senior director for cyberspace, last Wednesday called for a more direct White House role in coordinating national cybersecurity efforts. Speaking at the RSA Security Conference in San Francisco, she said that while cybersecurity needs to be a shared private- and public-sector effort, the task of leading it "is the fundamental responsibility of our government." In arguing for a bigger White House role, Hathaway said the government's responsibility "transcends" the purviews of individual departments and agencies, none of which has enough perspective to match the "sweep of the challenges."
Hathaway is a former Bush administration aide who has been working as an executive coordinator of cyber affairs for the Office of the Director of National Intelligence. In February, Obama asked her to conduct a review of federal cybersecurity programs to see what needs to be done to better align them with ongoing threats. She completed the 60-day review earlier this month and her report was handed over to the president.