Federal 'turf war' complicates cybersecurity efforts

Federal 'turf war' complicates cybersecurity efforts
© Getty

Lawmakers are concerned that bureaucratic turf wars are complicating the federal response to cyber threats.

The issue took center stage this week, as senators on the Homeland Security and Governmental Affairs Committee fretted that they had been unable to pass key cyber legislation requested by the Department of Homeland Security (DHS) because of a disagreement with the Senate Intelligence Committee.

ADVERTISEMENT
“The reality of the situation is there is conflict here,” said Chairman Ron JohnsonRonald (Ron) Harold JohnsonJuan Williams: Putin wins as GOP spins GOP senator: Harley-Davidson is right to move some production overseas GOP senator: Trump’s policies doing 'permanent damage' MORE (R-Wis.) at a hearing Wednesday. “This threat is too significant to allow turf wars to get in the way of as efficient an operation as possible in terms of dealing with a very complex and serious problem.” 

The dust-up illuminates the broader issue of turf wars over cybersecurity in the federal government.

The executive branch has no one single agency assigned to handle cyber. Instead, authorities are spread out over various agencies, including the Justice Department, which investigates and prosecutes cyber crime, and the Pentagon and broader intelligence community, both of which handle what is considered “offensive” cyber activity.

While Homeland Security is broadly recognized as the main agency defending federal networks and critical national assets from cyberattacks, individual agencies also play a major role in guarding their own networks and personnel from malicious cyber actors. 

The set-up means that virtually every congressional committee has a say in the federal government’s cybersecurity efforts.

“On defense, the responsibilities are so spread across so many parts of the federal government and across so many congressional jurisdictions,” said Michael Sulmeyer, a former cyber policy official at the Pentagon. “That is very hard to get coherent policy government wide.” 

Homeland Security — a relatively young agency — has dramatically grown its cyber capabilities in recent years. Department officials and some lawmakers are pushing for legislation that would rename and reorganize Homeland Security’s main cyber wing, the National Protection and Programs Directorate (NPPD), transforming it from a headquarters unit to an operational agency called the Cybersecurity and Infrastructure Security Agency. 

Proponents of the legislation, which has not been viewed as particularly controversial, say that it will help the department recruit talented personnel and streamline its cyber and infrastructure protection efforts.

But at the confirmation hearing for Christopher Krebs, President TrumpDonald John TrumpTrump says he doesn't want to use 'adversary' to describe Russia Comey urges Americans to vote for Democrats in midterms Roby wins Alabama GOP runoff, overcoming blowback from Trump criticism MORE’s nominee to lead NPPD, on Wednesday, Johnson revealed that lawmakers failed to insert the provision into a massive funding bill approved last month because the Intelligence Committee objected to it. 

“There’s a reason we didn’t get the name change in the omnibus,” Johnson said. “There was objection to that.” 

Aides declined to discuss the specifics of the holdup over the legislation. James Norton, a former Homeland Security official under the George W. Bush administration, said it would not be unusual for the Intelligence Committee to object to the bill. 

“They may have wanted time to review the legislation and potentially call a hearing on it,” Norton said. “DHS has several components that are part of the intelligence community … and if the new cyber organization has a large intelligence responsibility from a sharing and collection standpoint, then it may be a new player in the intelligence community that would need oversight.” 

The version of the legislation passed by the House gives the leader of the new Homeland Security agency the authority to access, receive and analyze law enforcement and intelligence information. It also says that personnel from various intelligence entities — including the National Security Agency, CIA and FBI — may be “detailed” to the new agency to help carry out its responsibilities.

The bill’s path forward is unclear, though lawmakers appear willing to work out the issues. Johnson said Wednesday that he has proposed arranging a meeting between members of Congress and Homeland Security officials, an idea he relayed to Intelligence Committee Chairman Richard BurrRichard Mauze BurrChristine Todd Whitman: Trump should step down over Putin press conference GOP lambasts Trump over performance in Helsinki GOP Intel chairman: Trump should recognize Putin lies MORE (R-N.C.) as recently as this week.

“As Chairman Johnson knows, I’m always happy to discuss cyber issues, authorities, and jurisdiction,” Burr told The Hill in a statement Thursday.

Meanwhile, proponents of the bill continue to push for its passage. “I am hopeful that the Senate will get this bill to the president’s desk very soon,” House Homeland Security Chairman Michael McCaulMichael Thomas McCaulOvernight Defense: Trump tries to quell Russia furor | GOP looks to reassure NATO | Mattis open to meeting Russian counterpart A change is coming to US-Mexico relations Hillicon Valley: Justices uphold Trump travel ban | Tech's response | Accused NSA leaker enters guilty plea | Dems press for more info on OPM breach | Senators press Trump to uphold ZTE ban | New hacking threat to satellites MORE (R-Texas), who successfully moved the bill through the House, said Thursday.

Some lawmakers believe that “turf wars” over cyber in the broader federal government have precluded the development of a coordinated approach — thereby endangering the U.S. in cyberspace.

“We have to have a whole-of-government approach, yet the whole of government is just all in these discrete areas, doesn’t talk to each other like they should, and is not efficient,” Sen. Gary PetersGary Charles PetersThe Hill's Morning Report — Trump, Putin meet under cloud of Mueller’s Russia indictments Dem senator: Kavanaugh sides with 'wealthiest special interests' Judge on Trump shortlist boasts stint on Michigan's high court MORE (D-Mich.) lamented Wednesday during Krebs’s confirmation hearing.

“We’re not really focused on the overall mission, which is to protect the American people."

Sen. Heidi HeitkampMary (Heidi) Kathryn HeitkampSenate Dems build huge cash edge in battlegrounds Bipartisan group introduces retirement savings legislation in Senate Fed chief lays out risks of trade war MORE (D-N.D.) told Krebs that she expects him to “throw some sharp elbows” to uphold Homeland Security’s role. “There’s been a lot of turf on this, and there can’t be,” Heitkamp said.

But former officials acknowledge that Homeland Security, established following the September 2001 terror attacks, has been historically challenged in asserting its power with respect to other, older agencies.

“As it relates to intelligence-sharing and mission, DHS has long struggled with turf wars, first as the new kid on the block, then constant changes at the leadership levels, vacancies and lack of a clear chain of command at the middle management level,” said Norton.

“The cyber component is no different as DHS has had a history of a limited budget, lack of authority and mandate despite its stated mission to secure [federal networks].” 

These factors, Norton said, spawn “natural power grabs” by other agencies looking to fill the void.

“The government is clearly working through cyber by putting the wheels on the bus as it’s moving.” Norton said.