The time is now to begin implementing strong steps to defend the nation’s “digital resources” and the effort must be led by an empowered director of a new cyber security center at the Department of Homeland Security (DHS).
That director would help enforce cyber standards throughout the federal government, review the information technology security budgets and acquisition policies of civilian agencies, help these agencies create policies for personnel security assurance and have a direct advisory role to the President, Sen. Susan Collins (R-Maine), the ranking member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC), recently said.
As the principal adviser to the President for cyber security, staffed with DHS resources and with daily reporting responsibilities to the Secretary of Homeland Security, the director of the cyber security center would have the clout to deal with the “heads of other departments and agencies and with the private sector,” Collins said in prepared remarks at a symposium co-hosted the Homeland Security Policy Institute and the Intelligence and National Security Alliance.
Collins says that having a cyber czar at the White House trying to manage and coordinate the cyber security efforts across the federal civilian government is infeasible because that person wouldn’t have the resources and staff to get the job done.
“There must be constant, real-time monitoring of security and analysis of threats,” Collins says.
She also says that the director of cyber security can’t be housed at the National Security Agency or another intelligence agency due to privacy and civil liberties concerns.
Instead, having the cyber security center as part of DHS would allow it to take advantage of the “mission and resources” of the department for a role that has already been established through presidential homeland security and national security directives, Collins said. Moreover, “DHS is already the department within the federal government building partnerships with the private sector to secure our critical infrastructure and key resources.”
Collins’ call for a DHS-based cyber leader for the federal government is at odds with legislation that Sen. Joseph Lieberman (I/D-Conn.), the chairman of the Senate HSGAC, is crafting that would create a Senate-confirmed, cyber coordinator position at the White House (Defense Daily, Nov. 2). Lieberman said last week that he was working with Collins on the legislation. Clearly, the issue of where the power for federal cyber coordination should reside is a sticking point in whether the two senators, who frequently work together on a bi-partisan basis, will co-sponsor the pending bill.
Other key features of Collins’ vision for a strong federal cyber security manager at DHS include having the “ability to ‘Red Team’ agency systems, offer recommendations for security measures to agencies, and “insist” that agencies explain what they’ve done to implement those recommendations.
“The Director [of cyber security] would also coordinate information sharing on threats and vulnerabilities to our cyber infrastructure from across the federal government,” she said. The cyber chief would also promote a risk-based strategy for securing federal information systems, beginning with systems development and continuing through acquisition and the operational life cycle, she added.