The Commission on Cyber Security for the 44th Presidency tells Congress responsibility for securing U.S. computer networks should be shifted from the Department of Homeland Security to the White House. DHS counters that the Commission on Cyber Security's plan amounts to little more than inside-the-beltway deck chair shuffling based on political posturing and says DHS has a strong cyber-security strategy, pointing to the creation of the National Cyber Security Center.
The Department of Homeland Security-the lead federal agency charged with
computer networks-has fundamentally failed in its mission and should be
relieved of its cyber-security responsibilities, a blue ribbon panel told
Congress Sept. 16.
James A. Lewis of the Commission on Cyber Security for the 44th
Presidency and director and senior fellow at CSIS (Center for Strategic and
International Studies) told lawmakers that responsibility for cyber-security
should be shifted back to the White House. Before Congress created DHS in 2003
by merging 22 federal agencies, responsibility for cyber-security rested with
the White House.
"Oversight of cyber-security must move elsewhere. The conclusion we've
reached is that only the White House has the authority to be effective,"
Lewis told the House Committee on Homeland Security's Subcommittee on Emerging
Threats, Cybersecurity, and Science and Technology. "It did not take long
for our group to conclude that our national efforts in cyberspace are
The CSIS Commission was formed a year ago to formulate security policy and
operations recommendations for the next president. The panel is a nonpartisan
commission composed of approximately 30 cyber-security experts, including
members of the Committee on Homeland Security and security experts from
Microsoft, IBM, Oracle, Verizon and Cisco
Systems. Lewis said DHS' poor performance on cyber-security could be attributed
to a lack of strategic focus, overlapping missions, and poor coordination
"Given DHS' weaknesses, we considered a number of alternatives,"
Lewis said. "The intelligence community has the necessary capabilities but
giving it a lead role poses serious constitutional problems. DOD [Department of
Defense] is well suited to handle a national mission, but giving it the lead
suggests a militarization of cyber-space. We concluded that only the White
House has the necessary authority and oversight for cyber-security."
DHS, which was not invited to testify at the hearing, took immediate
exception to the idea.
"Rearranging the deck chairs is a classic inside-the-beltway pastime,
but all that it ensures are more headlines for political posturing and a
guarantee that in two years government's cyber-efforts will be in the same
place," Laura Keehner, a DHS spokesperson, said in a statement.
"Rather than playing shell games, we're getting meaningful work done. To
be fair, we are undertaking something not unlike the Manhattan Project. We have
set a strong cyber-strategy, recently created the National
Cyber Security Center
and are in the process of aggressively hiring several hundred analysts to
further our mission of securing critical infrastructure."
Rep. Bill Pascrell, D-N.J., called the Bush administration's cyber-security
efforts since 2003 a "disaster," particularly after former White
House cyber-security advisor Richard Clarke was given the boot.
"Let's name names and talk about accountability," Pascrell said.
"I think we've been so concerned about political correctness that we
haven't corrected the vulnerabilities."
Paul Kurtz, chief operating officer at Good Harbor Consulting, a member of
the Commission on Cyber Security and former cyber-security advisor to President
Bush, said DHS leadership has hamstrung security efforts.
"There really is no one in charge right now at DHS," Kurtz said.
"We have people who are supposedly working side by side but are not
working side by side. We need to establish a better means of collaboration.
It's as though you have several people with their hands on the steering wheel
and there is really no common direction."
The commission is expected to make its final cyber-security
recommendations for the next president in November.