Panel says DHS should not oversee cybersecurity

Nonpartisan commission recommends White House take the lead on protecting federal computer networks.

Members of a nonpartisan cybersecurity commission on Tuesday blamed the Homeland Security Department for failing to adequately protect the government's technology networks, recommending to a congressional panel that the White House take the lead on the effort.

Comment on this article in The Forum.DHS doesn't have the clout or authority with other agencies to direct governmentwide cybersecurity efforts, said Jim Lewis, program manager of the Commission on Cybersecurity for the 44th Presidency, in an interview with Nextgov.com prior to his testimony. Lewis, who appeared before the House Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, also is director and senior fellow for the technology and public policy program at the Center for Strategic and International Studies.

"The consensus is, 'We're under attack now and we can't wait three years to fix DHS,'" Lewis said, noting that at first he thought strengthening DHS would be a reasonable strategy, but was convinced otherwise by those in and out of government who were interviewed as part of the commission's research. "It can [protect] borders, transportation and critical infrastructure, but it can't do strategy for cybersecurity. And to be fair, DHS is not capable of commanding other agencies, because they don't have the authority and they don't have the interagency influence. Only one place can do that," he said, referring to the White House.

The campaigns of both presidential nominees -- Democratic Sen. Barack Obama and Republican Sen. John McCain -- are receptive to the idea of giving the White House cybersecurity oversight, Lewis said, but neither has offered a formal position on the matter. Obama, however, has said if elected he would appoint a national cyber advisor who would report directly to him.

Lewis' comments and the commission's testimony comes a day after Homeland Security confirmed that it would lead President Bush's largely classified governmentwide cybersecurity initiative.

The commission testified that the federal government is crippled in its cybersecurity efforts by a lack of strategic focus, overlapping missions, and poor coordination and collaboration among agencies. In his opening statement, Lewis identified five necessary tools for securing cyberspace: diplomatic initiatives; military and defense capabilities; economic resources that promote international standards; law enforcement and intelligence. To illustrate U.S. failure to properly influence global cyber efforts, Lewis pointed to Russia. The United States forced that country to comply with many legal and trade requirements, but did not ask that it improve its cybersecurity efforts.

Similarly, diplomatic initiatives to promote global cybersecurity efforts should be modeled after U.S. experience in building international cooperation in nonproliferation, according to the commission's recommendations. Stronger public-private partnerships to promote cybersecurity also are necessary, including reestablishing the mutual trust that has deteriorated in recent years and refocusing on critical infrastructures such as telecommunications, electricity, and finance. In addition, existing regulatory agencies for those sectors should embed cybersecurity into compliance requirements, the commission concluded.

CSIS created the panel in October 2007 to offer recommendations in cybersecurity policy for the next administration. The commission has four co-chairs: Reps. Jim Langevin, D-R.I., and Michael McCaul, R-Texas; Scott Charney, corporate vice president for Trustworthy Computing at Microsoft and retired Lt. Gen. Harry D. Raduege Jr.

Langevin, who also chairs the House cybersecurity subcommittee, announced the creation of the first House Cybersecurity Caucus, which will seek to raise awareness and provide a forum for members representing different committees to discuss cybersecurity challenges. The kickoff event will take place in January 2009.

"Just as this administration hasn't spoken with one voice, committee jurisdictional squabbles threaten to divide the attention and focus of Congress on these issues," Langevin said.