Cybersecurity: Believe it or not, the buck should stop at the U.S. Coast Guard

By James Norton

What ever happened to Harry Truman’s famous slogan, “The buck stops here”? Testifying before the Senate this week, the director of the Office of Personnel Management (OPM) stated no one is responsible for the most massive cyber espionage theft in modern history. If that is true, 12 years and billions of dollars have been wasted in the attempt to create a credible cyber operation responsible for securing the federal government’s networks, systems, and data within the U.S. Department of Homeland Security (DHS).

DHS’s first attempt to create a cyber operation was the Infrastructure Analysis and Infrastructure Protection Directorate (IAIP), which was designed to fuse real-time intelligence across the government and private sector. IAIP was a colossal failure, one of the many victims in the understaffed and overburdened department’s turf wars and uphill battle to establish an institutional presence. After IAIP crumbled and broke stakeholders’ confidence in fusing information, DHS began its second attempt, propping up the National Protection and Programs Directorate (NPPD) as the cybersecurity authority.  However, DHS failed to correct the issues that led to IAIP’s demise, and NPPD suffers from many of the same woes.

In the wake of the recent cyberattack on OPM, one component of DHS has stood out as a leader in cybersecurity, but it is not NPPD. Instead, it is the U.S. Coast Guard, which under the leadership of the Commandant Admiral Paul F. Zukunft released a complex cyberstrategy outlining a framework for combatting cyberthreats facing our maritime transportation system and infrastructure. Admiral Zukunft recognized a critical need to defend cyberspace and faced it head on by installing a new cyber command within the Coast Guard staffed by 70 program pioneers. The cyber command will head the Coast Guard’s efforts and weave cybersecurity into its overall mission and operations. This ability to quickly evolve as the world changes is nothing new to the Coast Guard. It has protected mariners for centuries, but—over time—the organizationhas added has drug interdiction and counterterrorism to its tireless efforts.  

While it may sound unorthodox, Congress should task the Coast Guard with managing DHS’s cybersecurity mission and dispense with the NPPD. Recent developments demonstrate the Coast Guard possesses precisely what the NPPD—and the IAIP before it—lack.

The Coast Guard is a heroic organization with a track record of success that spans over two centuries. This stands in sharp contrast to NPPD, which is a new kid on the block and struggles to earn the trust of stakeholders. The Coast Guard possesses a clear chain of command. The Commandant, the undisputed leader, heads an organization of more than 40,000 people, with operational command across the globe.