Don’t pull the plug on the international cybersecurity coordinator’s office, former Obama administration cybersecurity czar J. Michael Daniel cautioned the Trump Administration in remarks addressed to attendees at the Black Hat conference yesterday.
Daniel’s comments referenced the rumored shuttering of the Office of the Coordinator for Cyber Issues (S/CCI) and redesignating it as a business issues office within the Bureau of Economic and Business Affairs.
He suggested this is no small matter, telling The Hill that cybersecurity is an issue “that crosses multiple desks at the State Department.” It’s not “just an economic problem.”
Daniel positioned the S/CCI as key to avoiding international cybersecurity incidents. Scaling back U.S. cybersecurity expertise will lessen our ability to shape multilateral security treaties, ultimately altering international norms in cyber warfare and in business treaties not for the better.
Christopher Painter, the office’s lead cybersecurity diplomat, resigned last week, signaling the reported move, although the State Department has not publicly confirmed or denied it. The S/CCI negotiates agreements with foreign countries on cybersecurity issues.
Considering the high-profile cybersecurity hacks by Russian operatives to interfere with the 2016 election, it’s an oddly-timed reorganization and diminishing of the unit’s primary directive, to say the least. The State Department reportedly has pointed to budget issues and redundancies as the reasons driving the relocation.
Earlier this week, a group of two dozen bipartisan U.S. legislators urged U.S. Secretary of State Rex Tillerson not to close the S/CCI.
“At a time when the world is more interconnected than ever and we face constant cyber threats from state actors, it is vital that we retain a high-level diplomatic role to report directly to the secretary on global cybersecurity,” the legislators wrote.
A senior fellow at the Council on Foreign Relations described the expected shift as relegating the unit to a “backwater within the State Department.”
Opposition to the reassignment isn’t confined only to government officials. John Bambenek, a threat intelligence member at Fidelis Cybersecurity, told The Hill that cybercrime is now commonplace in foreign countries where opposing governments attack each other and businesses.
Meanwhile, More Cybersecurity Flaws
Meanwhile, the Internal Revenue Service (IRS) has failed to fix numerous information security flaws to safeguard confidential financial and taxpayer information, The Hill reported separately, citing a new Government Accountability Office (GAO) audit.
The report describes ongoing “control deficiencies” that are plaguing the IRS’ process to secure taxpayers’ sensitive information even though the agency relies on IT systems and networks to support its operations and store private data, the report said.
“We are aware that much work remains to be done to ensure our large and complex IT ecosystem is fully secure and protects our financial and taxpayer data,” IRS Commissioner John Koskinen reportedly said in response to the GAO’s report.