In case you’ve missed it, there’s been a lot of talking in Washington lately about the need for major changes to the way that information security is handled in the federal government as well as the private sector. So far that talk hasn’t led to much in the way of action, but that may be on the horizon, as lawmakers and members of the Obama administration continue to look at the problems facing the country’s critical infrastructure. A Senate hearing on Tuesday laid out, again, how critical the problem is and what experts believe should be done to fix it.
The hearing, before the Senate Committee on Homeland Security and Government Affairs, centered around the latest call for control of information security to be moved back to the White House. But, as Robert Westervelt at SearchSecurity.com reports, that idea doesn’t have the support of everyone.
The question before lawmakers is whether to create a new office within the White House to oversee cybersecurity matters or give more authority to DHS. Whatever agency is put in charge would need to coordinate cybersecurity on a massive scale, from ensuring that all federal agencies are meeting security standards to defending against and even conducting counter attacks in the event of a massive cyberattack. Those at the hearing were in agreement that something has to be done, but the issue of how to proceed could be hotly debated, said Sen. Susan Collins (R-Maine).
“The issue of reorganization of cybersecurity efforts involves a discussion of oversight and accountability by Congress as well,” Collins said. “Congress’ ability to effectively oversee activities directed to the office of the President is severely limited.”
This looks like it’s doomed for a classic Washington turf battle, which is precisely what we don’t need. Congress wants oversight of the cybersecurity function, about which it knows nothing, a fact that it has proved again and again over the last few years while it has had oversight of DHS, which has struggled in the role of lead cybersecurity agency. Congress has responded by holding dozens of hearings and little else.
It’s time that Congrees listened to some of the experts it calls to testify. Listen to Tom Kellermann (above) and Amit Yoran and the others who have said over and over that the authority on information security needs to reside in the White House. Leadership, not a turf war, is what we need.