Lawmakers raise concerns over federal division of cybersecurity responsibilities

The bipartisan leaders of the House Homeland Security Committee on Wednesday raised concerns about the division of responsibilities among key federal cybersecurity officials, noting that without clarification, the situation could “stunt” the response to cybersecurity challenges. 

Committee Chairman Bennie Thompson (D-Miss.) and ranking member John Katko (R-N.Y.) and cybersecurity subcommittee Chairwoman Yvette Clarke (D-N.Y.) and ranking member Andrew Garbarino (R-N.Y.) sent a letter to White House National Cyber Director (NCD) Chris Inglis detailing their concerns.

The lawmakers asked him how his responsibilities complement those of Anne Neuberger, the deputy national security adviser for cyber and emerging technology (DNSACET), and Jen Easterly, who was recently confirmed by the Senate to lead the Cybersecurity and Infrastructure Security Agency (CISA). 

“While the talent that you and other senior cybersecurity officials bring to bear is undeniably encouraging, we remain concerned that lingering confusion about the roles and responsibilities among the NCD, CISA Director, and the DNSACET will stunt whole-of-government efforts to address pressing cybersecurity challenges facing the nation,” the lawmakers wrote to Inglis.

The committee leaders alluded to the recent spate of major cyberattacks, noting that “given the current threat landscape, seamless coordination between respective cybersecurity leaders is in everyone’s best interest.”

They asked that Inglis provide an overview of how the NCD office will work with CISA, noting that they believed it was “critical that CISA has a seat at the table.” They also asked for a description of how the role of NCD differs from those held by Neuberger and Easterly. 

“We believe you are in a position to provide clarity around roles and responsibilities for cybersecurity policy development, planning, and incident response,” the lawmakers wrote. “It is our hope that you, as NCD, will provide the needed consistency and coordination to ensure the federal government is following long-established policies and procedures governing federal cybersecurity efforts.”

The White House did not have a comment on the letter. 

The NCD position is new and was established by the most recent National Defense Authorization Act (NDAA). The creation of the role was supported by lawmakers on both sides of the aisle in the House and Senate as a way to restore and elevate the previous position of White House cybersecurity coordinator, which was eliminated in 2018 under the Trump administration. 

Inglis was sworn in last month but was confirmed without Congress providing any funding for his office, which, according to the 2021 NDAA, can include up to 75 employees. The Senate-passed $1 trillion infrastructure package included $21 million for the NCD office, but the future of the bill in the House is uncertain. 

According to the NDAA, Inglis is meant to serve as the “principal advisor to the president on cybersecurity policy” and is responsible for coordinating federal efforts to strengthen cybersecurity. 

Neuberger was appointed to the role on the National Security Council by President Biden shortly before he took office in January. In this position, Neuberger led the administration’s response to a number of major cyber incidents, including the SolarWinds attack, which involved Russian government-linked hackers who compromised nine U.S. federal agencies for much of 2020. 

Ransomware has also been an increasing national security threat, and Neuberger has been a key federal leader in responding to the ransomware attacks in May on Colonial Pipeline and meat producer JBS USA. 

CISA, which is the cybersecurity arm of the Department of Homeland Security, was also heavily involved in responding to these attacks but was without a Senate-confirmed leader from November until Easterly’s confirmation by the Senate last month. 

Both Inglis and Easterly were unanimously approved by the Senate and outlined their roles at the same confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee in June. 

During the hearing, Easterly described CISA as the “quarterback” within the federal cybersecurity space but stressed in her prepared remarks that CISA could not carry out its mission alone. 

“Cyber is and must always be a team sport,” Easterly testified in June. 

Sen. Gary Peters (D-Mich.), the chairman of the committee, met with Inglis, Easterly and Neuberger earlier this month to discuss tackling the escalating cybersecurity threats. Peters said in a statement after the meeting that it had been “productive” and included discussions of how Congress and the officials could work together to strengthen the nation’s cybersecurity.