Federal cybersecurity efforts need clear responsibility, urgency and leadership
While some have argued DHS should be responsible, the experience of recent years has shown that DHS cannot and should not be expected to prevent cyber attacks across the federal government; funding issues, turf wars, and information gaps contribute to the impossibility of such a mission. Each agency is its own silo, with its own networks, budget, procurement processes, and unique challenges. The cybersecurity buck for each agency should stop with the head of the agency.
Congress should then be rigorous in exercising oversight to ensure that agencies are meeting security standards and complying with the law. With clear responsibility and accountability will come true urgency and real action. Just as today’s CEOs must understand cyber threats facing their corporations, instill security values in their employees, and allocate proper funding to secure networks to prevent attacks that could cost them their jobs, so too must our cabinet-level officials take personal ownership of their agencies’ cybersecurity. For the federal government to prevail, cybersecurity must become an across-the-board issue, with each agency striving to maintain security in a culture of awareness and preparedness.
There is no silver bullet to the complex problem of cyber attacks on the federal government, but identifying who is responsible and prodding them to act through legislation and oversight is a first step to stop the bleeding.
James Norton is a homeland-security and public-safety policy expert. He has served as a senior defense-industry executive and as Deputy Assistant Secretary of the U.S. Department of Homeland Security in the Office of Legislative Affairs. He is an adjunct professor at Johns Hopkins University, teaching courses on cyber, homeland security and the legislative process. He has been lauded on both sides of the aisle for his pragmatic approach to the issues. Follow him on twitter @jamesnorton99
