
Who’s Really in Charge of Federal Cybersecurity and Is It Time for a White House CISO?


In the wake of devastating breaches of sensitive government data, is it time for the White House to appoint a high-level official whose sole responsibility is hunting down cyber intruders in federal agency networks?

That’s what Richard Bejtlich, chief security strategist for FireEye, told members of the House Armed Services Committee during a hearing Wednesday.

For more than a decade, the federal government has had a federal chief information officer, and President Barack Obama fulfilled a campaign promise by appointing the first U.S. chief technology officer in 2009.

But high-profile cyber incidents at the Office of Personnel Management, the Postal Service, the State Department and even the unclassified networks at the White House haven’t led to a grand rethink of the government’s cyber org chart.

“This is similar to the situation of many private sector businesses before a breach, but after a breach they quickly change,” Bejtlich said. “Thus far, the government has not changed. We still don’t have a U.S. CISO.”

Bejtlich was one of several outside experts asked to evaluate the Pentagon’s April 2015 rewrite of its cybersecurity strategy. Bejtlich said his proposed federal CISO would have oversight of civilian networks but stay out of DOD’s way. DOD and the intelligence community are already doing fairly well at continuously probing their networks for intruders, he said.

“This is a culture shift that needs to take place in the rest of the government, in the civilian side of the government,” Bejtlich testified. “And that would be my initial mandate to the federal CISO . . . to bring that culture of going out there and looking for intruders in the federal networks as opposed to continuing to build higher walls.”

The proposal envisioned by Bejtlich would put the U.S. CISO in charge of a “Federal Computer Incident Response Team,” or FedCIRT, according to his prepared testimony. The team’s goal “would be to hunt for intruders in nonintelligence, nondefense networks, and conduct joint incident response and recovery operations with the affected departments and agencies.”

The federal government’s cybersecurity duties are notoriously Balkanized.

Current federal policy puts the Department of Homeland Security in charge of securing the dot-gov domain. DHS also operates a governmentwide 24-7 cyber watch floor and deploys its U.S. Computer Emergency Management Team when agencies detect a breach.

But the White House’s Office of Management and Budget also oversees agencies’ compliance with the Federal Information Security Management Act.

The White House cybersecurity coordinator, or “cyber czar,” sits on the National Security Council and advises the president on cybersecurity matters but does not set policy or control a budget.

Lawmakers spot a leadership vacuum in the tangle of roles and responsibilities.

The government lacks a point person with the authority “to reach across government to compel departments to do what they need to close cyber vulnerabilities,” said Rep. Jim Langevin, D-R.I., during the hearing Wednesday. “Right now, we do not have anyone in charge ostensibly in that respect.”
