https://www.cyberscoop.com/national-cyber-director-michael-daniel-white-house-cisa-dhs/
By Michael Daniel
CYBERSCOOP
July 14, 2020
Although the aftershocks of COVID-19 will last for years, one result is
already clear — shifting more activity online has increased our society’s
digital dependence even faster than expected. The federal government’s
cybersecurity capabilities need to keep pace.
Although some Federal agencies, particularly the Cybersecurity and
Infrastructure Security Agency (CISA) at the Department of Homeland
Security (DHS), have made significant improvements over the last few
years, at least three factors impede government-wide progress. First,
cybersecurity’s cross-cutting nature does not fit with the U.S.
government’s bureaucratic structure. Second, agencies are not incentivized
to sustain the degree of coordination required for effective
cybersecurity. Third, a lack of central leadership hinders effective
incident response. No single policy action will solve these problems, but
creating a National Cyber Director along the lines of what the Cyberspace
Solarium Commission recommends would be a good start.
Bureaucracies prefer issues that fit neatly into one organization’s
mission. Cybersecurity is almost the exact opposite. It is a national
security, military, intelligence, economic, public safety, privacy,
diplomatic, law enforcement, business continuity, and internal management
issue all rolled into one. It touches all federal agencies, with many of
them a legitimate role in cybersecurity. Thus, cybersecurity is too broad
for any single agency’s remit. Further, a normal bureaucratic response to
such a situation, creating a “Department of Cybersecurity,” will not work
either; cybersecurity is too integral to too many agency’s missions to
centralize those functions in one department.
At the same time, cybersecurity’s different aspects are not independent —
they interact with each other, sometimes in unexpected ways. Military
cyber operations can disrupt intelligence activities or law enforcement
investigations. Treasury sanctions could upset diplomatic negotiations.
DHS personnel focus on mitigation, while the Federal Bureau of
Investigation and Department of Justice concentrate on prosecution.
Network defenders want information from the private sector, but many are
worried about regulatory action if they share. Welding these disparate
activities into an effective whole requires intense, regular, sustained
inter-agency coordination. This coordination does not occur naturally in
government: personnel have limited incentives to coordinate activities
across departmental and agency lines. That’s not a moral failure or
laziness, but the reality of human psychology.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
