Congressional debates over creation of a National Cyber Director -- and controversy over DHS’ enforcement role during protests throughout the country -- are spurring policymakers to mull broader moves such as a substantial overhaul of DHS, imbuing the Cybersecurity and infrastructure Security Agency with much more independence, or making the proposed director akin to a cabinet-level officer.
“In creating DHS, we threw in the kitchen sink, everything we needed to prevent another 9/11,” observed Kiersten Todt of the Cyber Readiness Institute, who helped draft the original Department of Homeland Security legislation as a staffer for then Senate Governmental Affairs Chairman Joseph Lieberman (D-CT).
“I’d love to see a re-examination of DHS – what is DHS without CISA? Maybe the other entities go back to their former homes and CISA is DHS,” said Todt, who was executive director of the 2016 Commission on Enhancing National Cybersecurity.
The House this week passed its fiscal 2021 National Defense Authorization Act, including a provision to launch a new cyber director office in the Executive Office of the President. Similar language was not included in the Senate version, which passed on Thursday.
House and Senate negotiators will resolve differences in the two versions after the August recess. The White House opposes installing a new National Cyber Director, and CISA Director Christopher Krebs has been cool to the idea as well, arguing that policymakers have been fleshing out the cyber agency’s authority and that another governmental layer may be unnecessary.
But the debate around a National Cyber Director comes amid controversy over the use of DHS personnel in quelling protests in U.S. cities, which some say could cause lasting political damage to the department and perhaps tilt the discussion about the government’s cyber leadership and CISA’s role in a different direction.
Former officials and others who have long advocated for a unity of mission across the Department of Homeland Security say they are re-examining their views in light of President Trump’s use of DHS officers during protests.
Phil Reitinger, who ran cyber programs at DHS during Obama’s first term and now leads the Global Cyber Alliance, said “my position has changed” on somehow separating CISA from the rest of DHS. “The role they’ve taken on national monuments is very worrisome,” he said of DHS’ deployment of personnel to various cities ostensibly to protect monuments from demonstrators.
Reitinger said he has long opposed creating a Department of Cybersecurity or otherwise separating cyber and physical security missions, and has also been concerned that CISA wouldn’t match up against “big established departments like Justice and Defense,” and needed to be part of a larger structure.
“But now,” he said, “DHS is becoming a political football and that’s doing significant harm to the infrastructure security mission. We need to ensure the political independence and nature of CISA.”
If CISA remains in DHS, he said, “it needs congressional support to bolster its independence.”
Amid the widespread protests that followed the killing of George Floyd, former Secretaries of Homeland Security Jeh Johnson, Michael Chertoff and Tom Ridge have been sharply critical of deployment of DHS officers, politization of the department and potential long-term impacts.
Congressional Democrats are amping up their demands for information about the DHS efforts -- and their criticism of Acting Secretary Chad Wolf, who has energetically embraced President Trump’s call for federal intervention.
CISA has often been an oasis of continuity and bipartisan support during the Trump administration, while the department itself has repeatedly been thrust into political controversies.
But now – with cyber authorities including possible creation of a national director being debated in the NDAA – some cybersecurity policy leaders are calling for a more comprehensive look at how DHS is organized and the positioning of CISA and cyber leadership more broadly.
Melissa Hathaway, who helped formulate cyber policy for both Presidents Obama and George W. Bush, offered strong support for a National Cyber Director, though she noted inevitable presidential opposition saying, “It’s hard to tell any president this is what you have to do.”
But just creating a director isn’t enough, Hathaway cautioned. “That needs to be done,” she said, “we need someone who sits in the White House and has visibility into the different moving parts including the National Security Council, National Economic Council and the Office of Science and Technology Policy.”
She said, “If we’re really serious, we would make it like the Office of the U.S. Trade Representative” as a truly standalone entity. That would imbue the director with substantial authority, and she suggested another element could be to “pull in” the National Telecommunications and Information Administration and create an office to “really drive where we want to take digital infrastructure.”
Hathaway is president of Hathaway Global Strategies and serves on the board of the Centre for International Governance Innovation and is a frequent writer on cyber issues.
Todt of the Cyber Readiness Institute said DHS today is “essentially a Swiss army knife,” but that Director Krebs “has shown with CISA that this can work if you give him this focus area, that he can do a lot with it. We absolutely need to look at reorganizing DHS.” – Charlie Mitchell (firstname.lastname@example.org)