The Government Accountability Office (GAO) concluded Tuesday that confusion over cybersecurity leadership is undermining the ability of the federal government to fully address cybersecurity challenges, recommending the establishment of a federal cyber czar.
The watchdog agency wrote in a report that “clarity of leadership” was “urgently needed” in order to implement the Trump administration’s 2018 National Cyber Strategy, citing concerns around the wide array of federal agencies involved in combating cyber threats, and the lack of a White House leader to help coordinate these actions.
“Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge,” GAO wrote.
The agency zeroed in on the elimination of the White House cybersecurity coordinator position in 2018 as being a major factor in leadership confusion at the federal level. The position was eliminated by former national security advisor John BoltonJohn BoltonWe've left Afghanistan — but its consequences are just starting to arrive It's time to pull the plug on our toxic relationship with Pakistan Overnight Defense & National Security — Milley becomes lightning rod MORE in an effort to decrease bureaucracy.
“In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan, but also holding federal agencies accountable once activities are implemented,” GAO wrote.
The report was released in the midst of an ongoing effort by bipartisan members of Congress to push through legislation establishing a national cyber director position at the White House, which would be an expanded version of the previous position and would help coordinate cybersecurity efforts at the federal level.
A bipartisan bill establishing the position was included in the House version of the annual National Defense Authorization Act in July, but was left out of the Senate version.
GAO recommended Tuesday that Congress “consider legislation” that would establish a position at the White House with the authority “to implement and encourage action in support of the nation’s cyber critical infrastructure.”
House Oversight and Reform Committee Chairwoman Carolyn MaloneyCarolyn MaloneyTrump company in late-stage talks to sell DC hotel: report Trump Hotel lost more than M during presidency, say documents Overnight Health Care — Presented by Altria — Dip in COVID-19 cases offer possible sign of hope MORE (D-N.Y.), one of the sponsors of the original legislation introduced in June to create a national cyber director, pointed to the report on Tuesday as supporting the establishment of the position.
“Today’s new report from the Government Accountability Office warns of another gaping vulnerability created by President TrumpDonald TrumpTrump goes after Cassidy after saying he wouldn't support him for president in 2024 Jan. 6 panel lays out criminal contempt case against Bannon Hillicon Valley — Presented by Xerox — Agencies sound alarm over ransomware targeting agriculture groups MORE’s failure to take seriously the threats our nation faces,” Maloney said in a statement. “Cyberattacks are one of the top threats to our nation’s critical infrastructure, safety, and economic security.”
“GAO recommends that Congress consider legislation to designate a cyber leadership position in the White House,” she added. “I am a proud cosponsor of the National Cyber Director Act – the bill that would do exactly that: restore a cyber coordination and planning function to the White House and provide resources needed to strengthen our cyber defenses.”
The recommendation to create a national cyber director position originated from a report released by the Cyberspace Solarium Commission (CSC) in March.
The CSC, which is made up of bipartisan members of Congress, federal officials, and industry leaders, was charged with issuing recommendations to protect the U.S. against cyberattacks. The establishment of a national cyber director at the White House was one of the CSC’s top recommendations.
CSC co-chairs Sen. Angus KingAngus KingSenate to vote next week on Freedom to Vote Act GOP tries to take filibuster pressure off Manchin, Sinema Hillicon Valley — Presented by American Edge Project — TSA to issue cybersecurity directives to secure rail, aviation sectors MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherChina denies it tested missile, says it was space vehicle Biden slips further back to failed China policies Lawmakers using leadership PACs as 'slush funds' to live lavish lifestyles: report MORE (R-Wis.), along with CSC members Sen. Ben SasseBen SasseTrump goes after Cassidy after saying he wouldn't support him for president in 2024 Invoking 'Big Tech' as an accusation can endanger American security Biden slips further back to failed China policies MORE (R-Neb.) and Rep. Jim LangevinJames (Jim) R. LangevinHillicon Valley — Presented by American Edge Project — Americans blame politicians, social media for spread of misinformation: poll Democrats urge federal agencies to address use of cryptocurrencies for ransomware payments Biden signs bill to strengthen K-12 school cybersecurity MORE (D-R.I.) on Tuesday renewed their call to establish the position in light of the GAO’s findings.
“Today’s GAO report is further confirmation of the Solarium Commission’s conclusion that strong, central leadership is needed to address increasing cyber threats,” the lawmakers said in a joint statement. “We strongly support GAO’s recommendation that Congress enact legislation designating a leadership position in the White House for cybersecurity, complete with the authority and stature required to coordinate and integrate federal actions.”