NSA Director Urges Congress to Give DHS Lead on Cybersecurity
Gen. Keith Alexander, National Security Agency (NSA) director and head of the U.S. Cyber Command, said civilian agencies like the Department of Homeland Security (DHS) should take a lead role in coordinating the nation’s cybersecurity effort. Alexander’s comments Monday during a cybersecurity panel hosted by the Woodrow Wilson Center for International Studies contrasted with arguments from some lawmakers that the agency should take a back seat to the Defense Department on cybersecurity issues. Alexander also deflected a question from moderator and NPR host Steve Inskeep about whether the general was concerned that other countries could use cyberweapons deployed by the U.S. military against U.S. assets.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The U.S. cybersecurity effort should be collaborative among agencies with DHS acting as the “entry point for industry,” Alexander said. Ideally the government would rely on a “cyberteam” of agencies like the FBI, NSA, DHS and U.S. Cyber Command, working together to protect computer systems, he said. DHS would coordinate cyberthreat information sharing, the FBI would have the lead for law enforcement threat attribution, NSA would monitor foreign intelligence and Cyber Command would defend against attacks. “Together that team is what I think the American people hold us accountable for doing,” he said.
In March, Sen. John McCain, R-Ariz., and Alexander tussled during a Senate Armed Services Committee appropriations hearing over what role DHS should play in the cybersecurity debate. McCain said that industry members do not need additional regulations from “the most inefficient bureaucracy” he has ever encountered (CD March 28 p7). McCain helped sink the Cybersecurity Act (S-3414) in August when he argued that the bill would harm the U.S. economy, fail to secure its networks and expand the size and reach of the federal government.
Sen. Susan Collins, R-Maine, a lead sponsor of S-3414, said Monday that the NSA has cybersecurity expertise, but it “does not have the relationships with agencies and the private sector and critical infrastructure owners that DHS has.” She also said DHS should take the lead on cybersecurity but legislation is needed to bolster its ability to share cyberthreat information with the private sector. DHS has the authority under the Homeland Security Act of 2002 to protect the security of the computers and systems in the .gov domain, act as a federal cybersecurity liaison to the private sector, and protect certain elements of the U.S. critical infrastructure, she said.
Collins said she hopes that after the election “cooler heads will prevail” in the cybersecurity debate. “Regardless of who wins the presidential election, the problem is only going to get worse. The number of attacks has grown exponentially over the past couple of years and it’s only going to get worse. … As more and more people get educated on the issue and get determined to do something about it, and as more and more companies have the personal experience with a cyberattack … we can build enough public support to get the job done.” Collins said if S-3414 does not pass this year, she was confident that Sen. Thomas Carper, D-Del., will be able to carry the cybersecurity torch from the retiring Sen. Joe Lieberman, I-Conn., into the next session.
Collins again panned a draft cybersecurity order the White House has been circulating. “I personally believe … that the executive order is a big mistake,” she said. “First of all the executive order cannot grant the liability protections that are needed in order to encourage more participation by the private sector … in addition, an executive order is not lasting and does not reflect a consensus by Congress on what should be done. … I fear that it actually could lull people into a false sense of security that we have taken care of cybersecurity and the executive order simply cannot do that,” she said.
Anthony Romero, executive director of the American Civil Liberties Union, said he agreed that a cybersecurity executive order can’t be the long-term solution to the cybersecurity problem. “In addition to the fact that this needs a thorough debate and both houses of Congress engaged with a piece of legislation that could outlast the president, any action by any occupant of the White House on an executive order that mandates the collection of data across federal agencies worries me,” he said. The White House shouldn’t issue an order “just because the president may be a bit frustrated by the gridlock in Washington,” he said.
Giving DHS the lead role in the government’s cybersecurity approach is essential, said Romero. “The thing I am most interested in is that there is proper oversight and accountability in how we share information from private sector to government. The Department of Homeland Security being in the saddle at the center of making that happen is critical,” he said. “We are not capable of the same kind of oversight if it was based in the Pentagon.”