White House axes cyber czar role; DHS unveils new cybersecurity strategy

Even as Homeland Security released a new strategy for identifying and managing cybersecurity risks, the White House axed the cybersecurity coordinator position on the National Security Council because they said the role is no longer considered necessary.

Meanwhile, when releasing the new DHS comprehensive cybersecurity strategy (pdf), Homeland Security Secretary Kirstjen Nielsen said, “The cyber threat landscape is shifting in real time, and we have reached a historic turning point. Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself.”

That may well be true, but with the Trump administration eliminating the cyber czar’s role, it could send the wrong message to nation-state attackers; adversaries may believe the White House doesn’t take cybersecurity very seriously. Which is it? Do cyber adversaries threaten the very fabric of our democracy or is cybersecurity so unimportant that others on the National Security Council team can pick up the slack created by not filling the White House cyber coordinator’s position?

National Security Council (NSC) spokesman Robert Palladino released this statement:

“The National Security Council’s cyber office already has two very capable Senior Directors. Moving forward, these Senior Directors will coordinate cyber matters and policy. As they sit six feet apart from one another, they will be able to coordinate in real time. Today’s actions continue an effort to empower National Security Council Senior Directors. Streamlining management will improve efficiency, reduce bureaucracy and increase accountability.”

U.S. lawmakers respond to decision to cut cyber czar role 

That didn’t cut it with lawmakers. Instead, it caused immediate blowback. Sen. Mark Warner (D-Va.) tweeted:

Mr. President, if you really want to put America first, don’t cut the White House Cybersecurity Coordinator — the only person in the federal government tasked with delivering a coordinated, whole-of-government response to the growing cyber threats facing our nation. https://t.co/MRkwA8et7y

— Mark Warner (@MarkWarner) May 15, 2018

Here’s the point: we should be investing in our nation’s cyber defense, not rolling it back. We also need to articulate a clear cyber doctrine. I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats.

— Mark Warner (@MarkWarner) May 15, 2018

Democratic Congressmen Jim Langevin and Ted Lieu introduced a bill to save the cybersecurity coordinator position by “creating a permanent director of cybersecurity policy at the White House.”

“The decision to eliminate the top White House cyber policy role is outrageous, especially given that we’re facing more hostile threats from foreign adversaries than ever before,” Lieu said. “This move impedes our country’s strategic efforts to counter cybersecurity threats against our country.”

Fortunately, our bill will fill in those holes in government cybersecurity oversight by creating a National Office for Cyberspace in the White House. A coordinated effort to keep our information systems safe is paramount if we want to counter the cyber threats posed by foes like Russia, Iran and China. To do anything less is a direct threat to national security.

DHS rethinks its cybersecurity strategy

Going back to Homeland Security’s new cyber strategy, DHS’s Nielsen said it was “rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defense of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”

The actual strategy touches on the risks introduced by the growing number and variety of IoT devices, as more than 20 billion are expected to be connected to the internet by 2020, the low cost of malware kits available on the dark web, the growing use of end-to-end encryption, the popularity of cryptocurrencies and anonymous networks. It emphasizes reducing threats and vulnerabilities, more information sharing and “countering illicit uses of cyberspace” with “enhanced law enforcement coordination and engagement.” It also discusses “new processes to ensure accountability” and the consequences for federal agencies which fail to adopt cybersecurity best practices.

DHS said its “five-part approach to manage national cyber risk” is “aimed at ensuring the availability of critical national functions and fostering efficiency, innovation, trustworthy communication, and economic prosperity in ways consistent with our national values and that protect privacy and civil liberties.”

Ironically, when DHS Secretary Nielsen appeared before the Senate Homeland Security Committee and was asked about the White House cutting the NSC cyber coordinator position, she claimed not to have discussed that with national security adviser John Bolton. Yet Homeland Security’s new cybersecurity strategy “was done in ‘close coordination’ with NSC,” as she and Bolton worked “hand in glove” on the cybersecurity strategy.