AP news offers some fresh details on what we can expect from the latest “czar” in the White House. According to the report, “Melissa Hathaway will carry the title of acting senior director for cyberspace in both the national security and homeland security councils. She led Bush’s Comprehensive National Cybersecurity Initiative, which cost the government about $6 billion this budget year, and has a reputation as a leading expert on cybersecurity issues.” She will conduct a 60-day review of national cyber efforts. No word whether the cyber czar will become a permanent White House office or not.
All this activity is occurring none too soon. A recent article in the National Journal points out that cybercrime and other malicious online activity are skyrocketing.
One issue up for debate will be the role of the Homeland Security Department on cyber issues. Under Bush, the department was supposed to take the national lead on the security side, while the Pentagon took on the task of “offensive cyber” missions. This division made, and still makes sense for two reasons. First, there has to be a lead federal agency. As in every whole-of-government mission, unless there is a unity of effort provided by a guiding intent, chaos follows (see Iraq). That argues for somebody to lead. Second, responding to cyber threats is as much about “operational” missions as making policy, and making policy and directing operations out of the White House never works well for very long (see Iran-Contra). Third, it would be huge mistake to create a “cyber stovepipe” and segregate cyber offense and defense efforts from other national security missions. All this argues for keeping a division of labor with the Pentagon as the quarterback on offense and Homeland Security directing the “home” game.
The impulse of any new Administration is to conduct grand reviews of existing efforts, issue sweeping strategies, centralize management, and reorganize operations and responsibilities. That is a mistake. Such moves are as likely to stunt momentum and slow innovation as they are to achieve any efficiencies of operation. Instead, the Obama Administration’s first priority must be to facilitate cross-talk between the members of the national “cyber team.”
Where the White House can make a big difference is in directing the establishment of some enduring policies and procedures that makes sure everybody on the team knows what is going on.
The Obama Administration’s first priority must be to facilitate cross-talk. Today, those responsible for offensive cyber-security measures (for example, identifying and countering malicious actors) have little contact, familiarity, or collaboration with those working on defensive measures, and vice versa. Likewise, agencies and organizations conducting covert activities have scant interaction with those engaged in “public” programs. This must change. To close gaps, minimize duplication and overlap, facilitate joint action, and build trust and confidence between members of the public-private team, establishing routine and consistent dialogue must be an immediate priority.