Members of a commission that recommended a reorganization of the federal government’s cybersecurity operations are hoping several of their policy recommendations will become law this year, but at least one proposal is expected to cause a headache: establishing a national cyber director in the White House.
The recommendation for the new position comes from the Cyberspace Solarium Commission, a group that tasked by Congress with recommending changes to the federal government’s cyber strategy. The national cyber director would be a Senate-confirmed position who would be housed within the Executive Office of the President and have budget and policy authority to coordinate cyber policy across the federal government.
The commission’s members have touted the bipartisan nature of its work and the executive branch’s participation in meetings. But the White House’s receptiveness to a new to cyber official is also in question. In 2018, the White House eliminated the cybersecurity coordinator position and it has not been reinstated since, much to the chagrin of some lawmakers on Capitol Hill. Asked during a May 29 webinar hosted by the German Marshall Fund if the White House was receptive to a national cyber director, Rep. Jim Langevin, D-R.I., acknowledged it could be a difficult path.
“No president ... likes the idea of being told how the executive branch will be organized,” Langevin said. “So I expect that that’s going to take some work."
The cyber coordinator position, eliminated under John Bolton’s tenure as President Donald Trump’s national security adviser, served an advisory role and lacked strong authority. The cyber director position, as recommended, would have the authority to direct national-level coordination of cyber strategy, defensive cyber operations, crisis response, and serve as the spokesperson on cyber issues and crises management. As envisioned, the nomination would be considered by the Senate Armed Services Committee and Homeland Security Committee, until the chamber creates a select cybersecurity committee, another one of the commission’s recommendations.
Though the White House could be reluctant, Langevin said the position was needed to ensure federal agencies were adequately protecting themselves. For example, Langevin said, the Office of Personnel Management, whose breach in 2014 exposed the personal information of more than 20 million people, is focused on federal employees, not cybersecurity.
“You have all these different departments and agencies — cybersecurity is not their primary mission,” Langevin said.
Solarium commissioners have pointed to the fiscal 2021 National Defense Authorization Act as its target vehicle for codifying at least 30 percent of its recommendations that are germane to the bill.
Some members of the Senate have asked for more details on the role of the national cyber director. Sen. Angus King, I-Maine, said at a Senate hearing in mid-May that Sen. Mike Rounds, R-S.D., had sent him a letter asking for more details on the role.
“We need somebody at a very high level who can oversee, coordinate and work on the planning with all these different disparate parts of the federal government that are working on this,” King said. “I think that’s an absolutely critical need.”