Senate Homeland Security and Governmental Affairs ranking member Susan Collins today called for creating a Senate-confirmed director of federal cybersecurity who would be based at the Homeland Security Department rather than the White House.
Collins, who is drafting cybersecurity legislation, is opposed to creating a White House "czar" to manage cybersecurity efforts, putting her at odds with Senate Homeland Security and Governmental Affairs Chairman Joseph Lieberman.
"Some have suggested that this effort can best be led from the White House. I've reached a different conclusion," Collins said told an audience at an event hosted by the George Washington University's Homeland Security Policy Institute.
"In short, effectively managing government cybersecurity is going to require more than a few staff crammed into a cubicle in the depths of the White House," she said.
The director would lead a cybersecurity center within the Homeland Security Department, reporting both to the department's secretary on daily operations and to the president as the nation's principal cybersecurity adviser, Collins said.
"Some will argue that a single federal department or agency is not muscular enough to direct other federal departments and agencies to actively secure their information technology infrastructure," she said. "But Congress has dealt with complex challenges involving the need for interagency coordination in the past."
Collins likened her proposal to the creation of the National Counterterrorism Center, which Congress authorized in legislation enacted in 2004. By law, the center's director reports to both the president and the director of national intelligence.
"These dual roles provide access to the president on strategic, interagency matters, yet provide NCTC with the structural support and the resources of the office of the DNI to complete the day-to-day work of the center," Collins said. "I'm convinced that a similar construct could improve the security of our civilian information systems and our critical cyber infrastructure."
Congress also should consider giving the cybersecurity director authority to review the information technology budgets of federal civilian agencies, Collins added. "I'm not saying the director should micromanage, but what we've seen too often is that security is an afterthought for too many of our civilian agencies," she said.