McCain Vexed by Gen. Alexander’s Support for DHS Cybersecurity Role
Senate Armed Services Committee Ranking Member John McCain, R-Ariz., was displeased that Gen. Keith Alexander, National Security Agency director and commander of U.S. Cyber Command, said the Department of Homeland Security should have the “lead role” in securing the nation’s domestic infrastructure from cyberattacks. At a Senate Armed Services Committee appropriations hearing Tuesday, McCain said that industry members do not need additional regulations from “the most inefficient bureaucracy” he has ever encountered.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Alexander sided with Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, the leaders of the Homeland Security Committee and sponsors of S-2101, which authorizes DHS to set greater cybersecurity standards for critical infrastructure sectors. Lieberman and Collins also sit on Armed Services. “Defending the nation in cyberspace requires coordination with key government players, notably DHS, FBI and the intelligence community,” Alexander told lawmakers Tuesday. “It is my opinion that we need all three working together as a joint team.”
Alexander laid out the specific roles that each agency has in the nation’s cyberdefense: DHS has the lead for coordinating the national effort to enhance cybersecurity of the U.S. critical infrastructure. The FBI has the lead in detection, investigation, prevention and mitigation response within the domestic arena. The Department of Defense, NSA and Cyber Command lead for detection, investigation and prevention in foreign cyberspace if the nation comes under attack.
But McCain bristled at giving DHS any more power: “Anyone who has been through an airport … has no confidence in the technological capabilities of the Department of Homeland Security."
McCain asked why Alexander thought DHS involvement was necessary if there are already 13,000 Cyber Command personnel focused on securing U.S. cyberspace. “The responsibility for defending the nation against attack lies within Cyber Command,” Alexander said. “I think the lead for working with critical infrastructure and helping them defend and prepare their networks should lie with DHS.” McCain responded: “That’s a curious logic, general, in fact most curious."
McCain warned Alexander that dividing the cybersecurity approach among different agencies would encourage “stove-piping” of the cybersecurity effort. “One of the conclusions of the 9/11 Commission was there’s too much stove-piping in our intelligence community. You're just describing stove-piping, to me, at its ultimate,” McCain said. Alexander responded: “I do not agree with that because this is an integrated network -- it is one network trying to work everything together so it’s just the opposite of a stovepipe.”
Lieberman dismissed McCain’s accusation that the proposed cybersecurity framework between DHS, DOD and NSA amounts to intelligence stove-piping. Gen. Alexander is building “exactly the cooperative relationship with DHS, NSA and FBI that did not exist before 9/11,” Lieberman said at the hearing. Furthermore, the relationship between DHS and DOD was recently “codified in law” by an amendment that McCain and Lieberman added to the National Defense Authorization Act last December, he said.
Lieberman said that McCain’s alternative cybersecurity proposal, the SECURE IT Act (S-2151), “doesn’t provide for defensive preparation” by the private sector. “Look, I know the industry is lobbying against [S-2105]; I think there is a terrible trap here,” Lieberman said. “This is not just a question of regulation of business; this is a protection of our homeland. … Shame on us if we look at this as business regulation; this is homeland security.”
Collins said that S-2105 “isn’t some new bureaucracy” -- rather, it’s “a collaborative effort, and the owners and operators of the critical infrastructure would decide how to meet [cybersecurity] standards. It would not be dictated by” DHS.
Asked about the reported practice of employers asking job applicants for their social network login information, Alexander told Sen. Richard Blumenthal, D-Conn., he thought it was “odd” for employers to ask for such information. Blumenthal and Sen. Chuck Schumer, D-N.Y., have asked the Justice Department and Equal Employment Opportunity Commission to investigate the legality of such requests. (See separate report in this issue.) “My initial reaction is that this doesn’t seem right,” Alexander said. “People should feel free to use [social media networks] and know that they will be protected in using them, both their civil liberties and privacy.”