CAMBRIDGE, MD – Now that the White House completed its cybersecurity review April 17, President Barack Obama will analyze the recommendations with the National Security Agency, the CIA, the Homeland Security Council and the National Security Council.
According to one federal chief information officer, who requested anonymity because the review is not final, there still is a lot to be decided about the future of cybersecurity, including whether there is a separate office in the White House. The source says there is active resistance about giving the Homeland Security Department a big role in the governmentwide effort. And other sources have said the NSA is pursuing a larger role in cyber for all of government, and the Defense Department may create a cyber command.
On top of the review and agencies trying to grab turf, Congress is considering or will consider several cyber bills.
Sen. Tom Carper (D-Del.) is expected to re-introduce his update to the Federal Information Security Management Act. The CIO source says agencies have reviewed the bill and it would create an Office of Cybersecurity in the White House and specify where it sits.
Sen. Jay Rockefeller (D-W.Va.) recently introduced a cyber bill to better protest critical infrastructure and creates an Office of the National Cybersecurity Advisor within the White House, who will serve as the lead official on all cyber matters, coordinating with the intelligence community, as well as the civilian agencies.
“The cyber review is getting a head of steam on the Hill,” the CIO says. “The big question is how will the bills mesh with the existing infrastructure, including CIOs and chief information security officers.”
The White House offered little new details about its cyber review. White House spokesman Robert Gibbs says in a release the report outlines the beginning of the way forward in building a reliable, resilient, trustworthy digital infrastructure for the future.
“It provides to the president recommendations regarding an optimal White House organizational structure to address cyberspace-related issues and includes an action plan on identifying and prioritizing further work in this area,” Gibb says. “After the president has had an opportunity to carefully review the group’s report, we will begin discussing the results.”
Van Hitch, the Justice Department CIO, says the CIO Council offered some guidance to the review team on some of the issues important to federal technology community.
“We want to be a part of the policy development before it happens,” Hitch says during a panel discussion at the IRMCO conference. “So many things happen in cybersecurity and sometimes they come down and are hard to swallow. Some have too tight a time frame, sometimes it is not well thought out how well the initiatives fit together and some are not well thought out because we are not involved early enough in the process.”
Hitch adds that the council also mentioned that the importance of cybersecurity for the government must come from President Obama.
“If it is just passed to the CIOs, it’s hard to make happen alone,” Hitch says. “A lot of money resides in the operational part of organization and for us to be effective to implement cybersecurity across the whole department, we need that message to be passed down strongly and consistently through each of our organization. The only way to do that is to make sure it gets enunciated initially and on an ongoing basis how important this is.”
The CIO Council’s Information Security and Identity Management Committee, which Hitch is co-chairman of, also is reviewing all federal cybersecurity policy and guidelines.
Hitch says there is a lot of policy that exists that tells agencies what they have to do.
“We want to come up with some comments for OMB and NIST about some suggestions about how we can make these things more successful and implementable,” he says. “We hope to have these recommendations done this year.”
The committee also is developing a roadmap to expand the use of agency secure identity cards under Homeland Security Presidential Directive 12.
Hitch says agencies need help to use the cards to their fullest extent.