The Government Accountability Office (GAO) concluded Tuesday that confusion over cybersecurity leadership is undermining the ability of the federal government to fully address cybersecurity challenges, recommending the establishment of a federal cyber czar.
The watchdog agency wrote in a report that “clarity of leadership” was “urgently needed” in order to implement the Trump administration’s 2018 National Cyber Strategy, citing concerns around the wide array of federal agencies involved in combating cyber threats, and the lack of a White House leader to help coordinate these actions.
“Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge,” GAO wrote.
The agency zeroed in on the elimination of the White House cybersecurity coordinator position in 2018 as being a major factor in leadership confusion at the federal level. The position was eliminated by former national security advisor John Bolton in an effort to decrease bureaucracy.
“In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan, but also holding federal agencies accountable once activities are implemented,” GAO wrote.
The report was released in the midst of an ongoing effort by bipartisan members of Congress to push through legislation establishing a national cyber director position at the White House, which would be an expanded version of the previous position and would help coordinate cybersecurity efforts at the federal level.
A bipartisan bill establishing the position was included in the House version of the annual National Defense Authorization Act in July, but was left out of the Senate version.
GAO recommended Tuesday that Congress “consider legislation” that would establish a position at the White House with the authority “to implement and encourage action in support of the nation’s cyber critical infrastructure.”
House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-N.Y.), one of the sponsors of the original legislation introduced in June to create a national cyber director, pointed to the report on Tuesday as supporting the establishment of the position.
“Today’s new report from the Government Accountability Office warns of another gaping vulnerability created by President Trump’s failure to take seriously the threats our nation faces,” Maloney said in a statement. “Cyberattacks are one of the top threats to our nation’s critical infrastructure, safety, and economic security.”
“GAO recommends that Congress consider legislation to designate a cyber leadership position in the White House,” she added. “I am a proud cosponsor of the National Cyber Director Act – the bill that would do exactly that: restore a cyber coordination and planning function to the White House and provide resources needed to strengthen our cyber defenses.”
The recommendation to create a national cyber director position originated from a report released by the Cyberspace Solarium Commission (CSC) in March.
The CSC, which is made up of bipartisan members of Congress, federal officials, and industry leaders, was charged with issuing recommendations to protect the U.S. against cyberattacks. The establishment of a national cyber director at the White House was one of the CSC’s top recommendations.
CSC co-chairs Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), along with CSC members Sen. Ben Sasse (R-Neb.) and Rep. Jim Langevin (D-R.I.) on Tuesday renewed their call to establish the position in light of the GAO’s findings.
“Today’s GAO report is further confirmation of the Solarium Commission’s conclusion that strong, central leadership is needed to address increasing cyber threats,” the lawmakers said in a joint statement. “We strongly support GAO’s recommendation that Congress enact legislation designating a leadership position in the White House for cybersecurity, complete with the authority and stature required to coordinate and integrate federal actions.”