Responsibility for the nation’s cybersecurity is spread piecemeal throughout the government without a single person or agency in charge. That creates dangerous gaps that U.S. adversaries could exploit to hack the government or critical infrastructure, two prominent Senate Republicans told me. Homeland Security Chairman Ron Johnson (Wis.) and Mike Rounds (S.D.), chair of the Armed Services Committee’s cyber panel, are mulling how they might create a centralized government authority for cybersecurity issues. The goal would be an office that could make sure the Homeland Security, Defense and Justice departments are effectively sharing information and working toward common goals, the senators said. For example, the Defense Department, which is authorized to conduct clandestine military activities in cyberspace, might not be as clued in as DHS is to how some of those activities could prompt retaliation against U.S. businesses. Rounds also noted that some parts of the government were concerned for several years that Chinese telecom giant Huawei could use its position inside global telecommunications infrastructure to spy on behalf of the Chinese government — but the U.S. did not act until recently.
“Our role is to make sure we don’t miss the seams between the Defense Department and the Department of Homeland Security, between DoD and the intelligence community,” Rounds told me.
The senators don’t have a firm proposal for what the office would look like and are in the very early planning stages, they both said. Examining the issue probably will be a major focus for the Homeland Security Committee this Congress, Johnson told me.
He’s also open to considering vesting the authority in an existing agency, such as DHS or DoD, he said.
“We need someone in charge,” Johnson repeated several times.