Lawmakers want DoD to parse cyber roles, explore partnerships with CISA and colleges
It’s the second time in the past week that Congress has introduced language directing a federal department to clarify its internal cyber hierarchy. During a House Armed Services Committee markup of the National Defense Authorization Act, the committee adopted an amendment from Rep. Don Bacon, R-Neb., that would require the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) to sketch out roles and responsibilities in cyberspace for each component agency and clarify how those roles would interact in the face of an incident response engagement within the federal government.
Tatyana Bolton, policy director for cybersecurity and emerging technologies at R-Street who was also a senior advisor to the Cyberspace Solarium Commission, told SC Media that internal coherence on cybersecurity activities between component agencies under the same department is a real problem within the federal government and the military specifically.
“As it is with anything, this is about power and access. Most major agencies have not just one office, but multiple offices that handle cybersecurity, and not one, but multiple leaders vying to be the ‘principal advisor’ for cyber. Nowhere is that struggle more real than in the DoD, given their enormous breadth of responsibility,” said Bolton.
While Chris Inglis, the first appointed director, has made it his mantra to further spell out cybersecurity roles inside and outside of government, Bolton said within DoD, it’s still largely a turf battle between two components that have the most influence over cyber operations: U.S. Cyber Command and the Office of the Secretary for Defense for Policy.
“Resolving this issue isn’t as easy as requesting a congressional report, but I applaud Congress for trying,” she said.