GAO report calls for White House cyber director

Congress may have to step in to carve out a White House position charged with implementing protective cybersecurity measures.

By Andrea Izzotti shutterstock id 147037244

Centralized, clearly defined leadership will help government enforce cybersecurity policies and respond to breaches, but legislation might be needed to bring that about, according to a new watchdog report.

The Government Accountability Office found there were insufficient leadership responsibilities outlined in the Trump administration's 2018 national cyber strategy and the subsequent implementation plan in 2019 and recommended that Congress restore the White House Cybersecurity Coordinator position or designate another leadership post with policy and budget authority to respond to cybersecurity threats.

"Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation's cybersecurity strategy and ultimately overcome this urgent challenge," states the report released Sept. 22.

"Although [National Security Council] staff is tasked with the coordination of efforts to carry out the National Cyber Strategy and its accompanying Implementation Plan, there is a lack of clarity around how it plans on accomplishing this."

According to the report, the NSC told GAO that "the senior director of the NSC Cyber directorate now fulfills the duties that were previously assigned to the former White House Cybersecurity Coordinator."

The GAO's review, conducted from November 2018 to September 2020, found that the national policies didn't fully define the scope of the threat, lacked risk assessment goals and performance measures. They also failed to adequately address resources, investments, and risk management according to the watchdog agency.

The findings support an ongoing effort to mandate a national cybersecurity director position in the White House that was a key recommendation by the Cyberspace Solarium Commission.

Rep. Jim Langevin (D-R.I.) introduced the National Cyber Director Act in June that would create a Senate-confirmed, national cyber director as the president's principal advisor on cyber strategy and policy. Two deputy positions would also be created, according to the bill, with one charged with planning and operations and the other focused on strategy, capabilities, and budget.