Without a “clear central leader” to coordinate the disparate U.S. cybersecurity programs of 23 federal agencies, the White House cannot ensure that strategies and plans are effectively executed to support the nation’s cyber defenses, the Government Accountability Office (GAO) said in a new report.
The government watchdog called for Congress to propose a leadership position within the White House to implement a national cyberstrategy with authority over budget and resources “to encourage action in support” of the nation’s cybersecurity critical infrastructure.
The Government Accountability Office found there were insufficient leadership responsibilities outlined in the Trump administration's 2018 national cyber strategy and the subsequent implementation plan in 2019 and recommended that Congress restore the White House Cybersecurity Coordinator position or designate another leadership post with policy and budget authority to respond to cybersecurity threats. Both President Trumps’ 2018 national cyber strategy and a follow-on legislation plan a year later exhibited insufficient leadership responsibilities, the GAO said, along with Congress not restoring the White House Cybersecurity Coordinator position eliminated by then national security advisor John Bolton in a streamlining effort.
“In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan, but also holding federal agencies accountable once activities are implemented,” the audit, which the GAO conducted from November 2018 to September 2020 and released on September 22.
"Although staff is tasked with the coordination of efforts to carry out the National Cyber Strategy and its accompanying Implementation Plan, there is a lack of clarity around how it plans on accomplishing this,” the GAO said.
The report comes amid a new call from Congressional legislators to create a national cyber position inside the White House reporting directly to the President. Last July, a bipartisan group of legislators introduced the National Cyber Director Act to create a National Cyber Director within the White House, functioning as the President’s principal advisor on cybersecurity and associated emerging technology issues and recognized as the lead national-level coordinator for cyber strategy and policy. The legislation is sponsored by Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI) and backed by four additional congressional members.
The person filling the position would be nominated by the president and subject to Senate confirmation. A host of duties come with the job, including overseeing and coordinating federal government incident response activities, collaborating with private sector entities, and attending and participating in meetings of the National Security Council and Homeland Security Council. The Director would also develop and oversee implementation of a national cyber strategy to defend the nation’s interests and critical infrastructure against malicious cyber actors and would also participate in the preparation for cybersecurity summits and other international meetings in which cybersecurity is a focus.
In large measure, the idea for the new position springs from a large set of recommendations proposed by the Cyberspace Solarium Commission (CSC) last March on how best to defend the nation from cybersecurity threats. Among its 75 recommendations are calls for a new national cyber director who would function as the president’s chief cybersecurity advisor.