The Government Accountability Office (GAO) concluded Tuesday that confusion over cybersecurity leadership is undermining the ability of the federal government to fully address cybersecurity challenges, recommending the establishment of a federal cyber czar.
The watchdog agency wrote in a report that “clarity of leadership” was “urgently needed” in order to implement the Trump administration’s 2018 National Cyber Strategy, citing concerns around the wide array of federal agencies involved in combating cyber threats, and the lack of a White House leader to help coordinate these actions.
“Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge,” GAO wrote.
The agency zeroed in on the elimination of the White House cybersecurity coordinator position in 2018 as being a major factor in leadership confusion at the federal level. The position was eliminated by former national security advisor John BoltonJohn BoltonDiplomacy with China is good for America The Hill’s Morning Report – Sponsored by The Air Line Pilots Association – Pence lauds Harris as ‘experienced debater’; Trump, Biden diverge over debate prep DOJ launches probe into Bolton book for possible classified information disclosures MORE in an effort to decrease bureaucracy.
“In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan, but also holding federal agencies accountable once activities are implemented,” GAO wrote.
The report was released in the midst of an ongoing effort by bipartisan members of Congress to push through legislation establishing a national cyber director position at the White House, which would be an expanded version of the previous position and would help coordinate cybersecurity efforts at the federal level.
A bipartisan bill establishing the position was included in the House version of the annual National Defense Authorization Act in July, but was left out of the Senate version.
GAO recommended Tuesday that Congress “consider legislation” that would establish a position at the White House with the authority “to implement and encourage action in support of the nation’s cyber critical infrastructure.”
House Oversight and Reform Committee Chairwoman Carolyn MaloneyCarolyn Bosher MaloneyTop Democrats call for DOJ watchdog to probe Barr over possible 2020 election influence House panel advances bill to ban Postal Service leaders from holding political positions Shakespeare Theatre Company goes virtual for ‘Will on the Hill…or Won’t They?’ MORE (D-N.Y.), one of the sponsors of the original legislation introduced in June to create a national cyber director, pointed to the report on Tuesday as supporting the establishment of the position.
“Today’s new report from the Government Accountability Office warns of another gaping vulnerability created by President TrumpDonald John TrumpBubba Wallace to be driver of Michael Jordan, Denny Hamlin NASCAR team Graham: GOP will confirm Trump’s Supreme Court nominee before the election Southwest Airlines, unions call for six-month extension of government aid MORE’s failure to take seriously the threats our nation faces,” Maloney said in a statement. “Cyberattacks are one of the top threats to our nation’s critical infrastructure, safety, and economic security.”
“GAO recommends that Congress consider legislation to designate a cyber leadership position in the White House,” she added. “I am a proud cosponsor of the National Cyber Director Act – the bill that would do exactly that: restore a cyber coordination and planning function to the White House and provide resources needed to strengthen our cyber defenses.”
The recommendation to create a national cyber director position originated from a report released by the Cyberspace Solarium Commission (CSC) in March.
The CSC, which is made up of bipartisan members of Congress, federal officials, and industry leaders, was charged with issuing recommendations to protect the U.S. against cyberattacks. The establishment of a national cyber director at the White House was one of the CSC’s top recommendations.
CSC co-chairs Sen. Angus KingAngus KingShakespeare Theatre Company goes virtual for ‘Will on the Hill…or Won’t They?’ On The Trail: How Nancy Pelosi could improbably become president Angus King: Ending election security briefings ‘looks like a pre-cover-up’ MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherHillicon Valley: ‘Fortnite’ owner sues Apple after game is removed from App Store | Federal agencies seize, dismantle cryptocurrency campaigns of major terrorist organizations Lawmakers introduce bill designating billion to secure state and local IT systems Congress has a shot at correcting Trump’s central mistake on cybersecurity MORE (R-Wis.), along with CSC members Sen. Ben SasseBenjamin (Ben) Eric SasseChamber of Commerce endorses McSally for reelection Ben Sasse is mistaken with idea for the election of senators in America Big Ten football to return in October MORE (R-Neb.) and Rep. Jim LangevinJames (Jim) R. LangevinPandemic underscores demand for career and technical education Rep. Jim Langevin fends off Democratic primary challenge in RI DHS cyber agency issues order boosting cybersecurity vulnerability reporting MORE (D-R.I.) on Tuesday renewed their call to establish the position in light of the GAO’s findings.
“Today’s GAO report is further confirmation of the Solarium Commission’s conclusion that strong, central leadership is needed to address increasing cyber threats,” the lawmakers said in a joint statement. “We strongly support GAO’s recommendation that Congress enact legislation designating a leadership position in the White House for cybersecurity, complete with the authority and stature required to coordinate and integrate federal actions.”