U.S. Sen. Susan Collins (R-ME) seeks to have President Donald Trump prioritize national cybersecurity by hastening release of a long-overdue federal cybersecurity strategy and reinstating an administration-level cybersecurity coordinator position.
“We believe that the nature of the cyber threats facing our nation, their increasing number, and the difficult policy questions they raise lend themselves to a centralized Administration approach,” Sen. Collins wrote in a May 24 letter she penned with U.S. Sen. Martin Heinrich (D-NM).
The lawmakers’ bipartisan letter referred to reports on May 15 that the National Security Council had eliminated the White House Cybersecurity Coordinator position. The position, first created in 2009 by President Barack Obama, was left vacant after Trump’s first coordinator, Rob Joyce, returned in April to the National Security Agency.
“In our view, an empowered cybersecurity coordinator is needed to drive and oversee a comprehensive, White House-issued cybersecurity strategy to include deterrence, defense, and network resilience that coordinates U.S. government efforts across the various departments and agencies,” wrote the senators, who are both members of the U.S. Senate Intelligence Committee.
Sens. Collins and Heinrich urged the president “to prioritize completion and announcement of our nation’s cybersecurity strategy as soon as possible,” and they offered to work with him on getting such a strategy in place.
“A whole-of-government cybersecurity strategy could help facilitate engagement between the private and public sector to make the country’s cyber infrastructure more resilient and secure,” they added.
A just-released May report from the White House Office of Management and Budget (OMB) appears to bolster the lawmakers’ concerns.
Of the 96 federal agencies that OMB and the U.S. Department of Homeland Security (DHS) examined in their security risk assessment, 71 of them (74 percent) “have cybersecurity programs that are either at risk or high risk,” according to the Federal Cybersecurity Risk Determination Report and Action Plan.
“OMB and DHS also found that federal agencies are not equipped to determine how threat actors seek to gain access to their information,” according to the report released on May 30 and originally commissioned by President Trump last May in an executive order on cybersecurity.
“The risk assessments show that the lack of threat information results in ineffective allocations of agencies’ limited cyber resources,” the OMB report says. “This situation creates enterprise-wide gaps in network visibility, IT tool and capability standardization, and common operating procedures, all of which negatively impact federal cybersecurity.”
In other cybersecurity-related news, Sens. Collins and Heinrich were among a bipartisan group that introduced a new version of the Secure Elections Act, S. 2593, to protect the administration of federal elections against cybersecurity threats, according to the congressional record.
U.S. Sen. James Lankford (R-OK) introduced S. 2593 on March 22. Among the cosponsors who joined Sens. Collins and Heinrich were U.S. Sens. Richard Burr (R-NC), chairman of the Senate Intelligence Committee, and Mark Warner (D-VA), the panel’s vice chairman.
The revised S. 2593 would maintain the original purpose of the first bill (S. 2261) to streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; would provide security clearances to state election officials; and provide support for state election cybersecurity infrastructure, according to a summary provided by Sen. Collins’ office.
S. 2593 also would modify reporting requirements for state election offices; transition the election security advisory panel from DHS to the U.S. Election Assistance Commission; and would provide grants to eligible local jurisdictions, among other changes, according to the summary.
S. 2593 is under consideration by the U.S. Senate Rules and Administration Committee.