Page 34 - FCW, August 2020
P. 34
Cybersecurity
a national cyber director, likening it to a restoration of the cybersecurity coordinator position that was eliminated at the White House in 2018. But there are some detractors.
Philip Reitinger, president and CEO of the Global Cyber Alliance and former deputy undersecretary for DHS’ National Protection and Programs Directorate, has argued that far from clarifying roles and responsibilities related to cybersecurity policy, the position as written in the House’s NDAA would lack any explicit authority for offensive cyber
operations carried out by the military. He also noted that the director’s focus on defensive issues would conflict with another one of the commission’s priorities: further empowering NPPD’s successor, the Cybersecurity and Infrastructure Security Agency.
In a recent piece
for Lawfare, Reitinger wrote that “creating a new Office of the National Cyber Director within the Executive Office of the President would do little to elevate CISA. In fact, it would likely have the opposite effect: reducing the influence of CISA as the new national cyber director works to clear some bureaucratic space by asserting authority and throwing some elbows.”
At the other end of the spectrum of concerns, Rep. Don Bacon (R-Neb.) warned that if the national cyber director did have authority over offensive and intelligence aspects of U.S. cyber policy, it could muddy the current chain of command for authorizing offensive operations by U.S. Cyber Command, the secretary of defense and the president.
King said such concerns are why the legislation makes clear that the position was designed for planning and coordination. “We want this person to
be accountable for the coordination, but \[he or she\] would not have an operational role,” he added.
Sen. Ron Johnson (R-Wis.), chairman of the Homeland Security and Governmental Affairs Committee, has come out in favor of the legislation, and Sen. Mike Rounds (R-S.D.), chairman of the Armed Services Committee’s Cybersecurity Subcommittee, has also expressed interest. However, in a July TV interview, he said: “What we don’t want to do is make it more cumbersome to respond in terms of the \[Defense
Langevin believes the lack of a national cyber director has hurt the United States in two key areas: coordinating the federal government’s efforts to help states secure their election infrastructure and shaping international discourse on cyber issues at the United Nations.
Last year, the U.N. passed a resolution sponsored by Russia to establish an open-ended intergovernmental council and convention on cybercrime. While the group would ostensibly be focused on developing a global response to
“Whatever we can’t do in this defense bill we’ll continue to try to move in individual pieces of legislation or in the defense bill next year, but I think we’re already well on the way.”
— SEN. ANGUS KING (I-MAINE)
Department\]. We want to make sure we have a streamlined process but with checks and balances.”
King and Langevin said they have heard that the White House opposes the idea of creating a national cyber director position, though they told FCW they’re still in the dark about the objections beyond general concerns about maintaining executive branch prerogatives. Langevin said he is trying to persuade the administration that this is an opportunity for President Donald Trump to be bold in an area where his predecessor took a more cautious approach.
“\[President Barack\] Obama couldn’t get this done — \[his team\] didn’t really want it or think they needed it,” Langevin said. “I’m hoping President Trump sees it differently. Just like with Space Force, he’ll see the importance of creating the first-ever national cyber director.”
the problem, more than 30 human rights and digital rights organizations warned that the resolution’s language is so broad it could allow Russia and other repressive governments to criminalize “ordinary online behavior” such as political organizing and encryption — all with the blessing of the international community.
“We really got our lunch eaten at the U.N. by the Russians on their cybercrime treaty proposal,” Langevin
34 August 2020 FCW.COM
said. “We didn’t have someone with the right policy authority there debating, arguing and working with our allies to point out the pitfalls...the ramifications.”
He drew a direct line to that outcome from the Trump administration’s elimination of the cyber coordinator positions at the White House and the State Department, saying “no one really noticed what was going on” because the U.S. did not have a robust structure in place to oversee digital security policies.
“This is the problem with not doing a deep dive and not having the cyber expertise present at these international bodies,” Langevin said. “Enemies and adversaries are going to look to take advantage of policy forums like this where they can argue a point of view... that maybe sounds good on the surface but when you look at the other side, what their real intent \[is\] could really