Security news that informs and inspires

Cybersecurity Czar Job to Remain Vacant

The White House is not planning to fill the vacant position of cybersecurity coordinator, a decision that leaves the United States without a designated leader on information security issues for the first time in nearly 20 years.

The cybersecurity coordinator has been a member of the National Security Council, the body that advises the president on all matters of national security. Most recently, Rob Joyce had filled the position, but Joyce left last week to return to a role at the National Security Agency. Joyce had served previously as the head of NSA’s Tailored Access Operations unit, the group that runs offensive operations against foreign targets, before moving to the role at the White House when President Trump took office. Responsibility for cybersecurity issues reportedly now will rest with other NSC staffers.

The decision not to replace Joyce comes at a time when cybersecurity is among the top concerns for the U.S., with serious threats against the government and enterprises looming from foreign governments as well as from organized cybercrime groups. It’s not clear whether this decision is temporary or whether the administration plans to eliminate the cybersecurity coordinator position for good, but the move did not sit well with some members of Congress.

“We face threats from foreign adversaries and bad actors around the globe, and these threats are only going to get worse,” Sen. Mark Warner (D-Va.) said on Twitter Tuesday.

“Here’s the point: we should be investing in our nation’s cyber defense, not rolling it back. We also need to articulate a clear cyber doctrine. I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats.”

Meanwhile, a pair of Democrats in the House of Representatives introduced a bill Tuesday that would create a new National Office for Cyberspace and establish a director-level position that would lead the office. That director would be confirmed by the Senate. The director would be responsible for “coordinating the defense of information infrastructure operated by agencies in the case of a large-scale attack on information infrastructure, as determined by the Director”.

“We have had three excellent cybersecurity coordinators since the late Howard Schmidt originated the position. It is an enormous step backwards to deemphasize the importance of this growing domain within the White House,” said Rep. Jim Langevin (D-R.I.), one of the sponsors of the bill.

“We need a designated expert to harmonize cyber policy across the many agencies in government with responsibility in this space. We also need clear communication of Administration positions on cybersecurity challenges, whether during major incidents or when establishing norms of responsible state behavior in cyberspace.”

The other sponsor of the bill, known as the Executive Cyberspace Coordination Act, Rep. Ted Lieu (D-Calif.), said eliminating the role of a designated cybersecurity coordinator in the White House could weaken the country’s defenses.

““This move impedes our country’s strategic efforts to counter cybersecurity threats against our country. Fortunately, our bill will fill in those holes in government cybersecurity oversight by creating a National Office for Cyberspace in the White House. A coordinated effort to keep our information systems safe is paramount if we want to counter the cyber threats posed by foes like Russia, Iran and China. To do anything less is a direct threat to national security,” Lieu said.