
Who’s Really in Charge of Federal Cybersecurity and Is It Time for a White House CISO?


In the wake of devastating breaches of sensitive government data, is it time for the White House to appoint a high-level official whose sole responsibility is hunting down cyber intruders in federal agency networks?

That’s what Richard Bejtlich, chief security strategist for FireEye, told members of the House Armed Services Committee during a hearing Wednesday.

For more than a decade, the federal government has had a federal chief information officer, and President Barack Obama fulfilled a campaign promise by appointing the first U.S. chief technology officer in 2009.

But high-profile cyber incidents at the Office of Personnel Management, the Postal Service, the State Department and even the unclassified networks at the White House haven’t led to a grand rethink of the government’s cyber org chart.

“This is similar to the situation of many private sector businesses before a breach, but after a breach they quickly change,” Bejtlich said. “Thus far, the government has not changed. We still don't have a U.S. CISO.”

Bejtlich was one of several outside experts asked to evaluate the Pentagon’s April 2015 rewrite of its cybersecurity strategy. Bejtlich said his proposed federal CISO would have oversight of civilian networks but stay out of DOD’s way. DOD and the intelligence community are already doing fairly well at continuously probing their networks for intruders, he said.

“This is a culture shift that needs to take place in the rest of the government, in the civilian side of the government,” Bejtlich testified. “And that would be my initial mandate to the federal CISO . . . to bring that culture of going out there and looking for intruders in the federal networks as opposed to continuing to build higher walls.”

The proposal envisioned by Bejtlich would put the U.S. CISO in charge of a “Federal Computer Incident Response Team,” or FedCIRT, according to his prepared testimony. The team’s goal “would be to hunt for intruders in nonintelligence, nondefense networks, and conduct joint incident response and recovery operations with the affected departments and agencies.”

The federal government’s cybersecurity duties are notoriously Balkanized.

Current federal policy puts the Department of Homeland Security in charge of securing the dot-gov domain. DHS also operates a governmentwide 24-7 cyber watch floor and deploys its U.S. Computer Emergency Management Team when agencies detect a breach.

But the White House’s Office of Management and Budget also oversees agencies’ compliance with the Federal Information Security Management Act.

The White House cybersecurity coordinator, or “cyber czar,” sits on the National Security Council and advises the president on cybersecurity matters but does not set policy or control a budget.

Lawmakers spot a leadership vacuum in the tangle of roles and responsibilities.

The government lacks a point person with the authority “to reach across government to compel departments to do what they need to close cyber vulnerabilities,” said Rep. Jim Langevin, D-R.I., during the hearing Wednesday. “Right now, we do not have anyone in charge ostensibly in that respect.”
