A Bipartisan Cyber Policy Roadmap for the Next Presidential Administration
In an era where cybersecurity threats loom larger than ever, a new bipartisan report has emerged, advocating for a comprehensive cyber policy roadmap for the next presidential administration. Released by Auburn University’s McCrary Institute, this report outlines a series of recommendations aimed at bolstering the Office of the National Cyber Director (ONCD) to enhance government coordination in addressing pressing cybersecurity challenges. Developed by a task force of 40 former officials from both Democratic and Republican administrations, the report emphasizes the need for a unified approach to cybersecurity that transcends political divides.
The Importance of the Office of the National Cyber Director
Established by law in 2021, the ONCD serves as a critical advisory body to the president on cybersecurity policy and strategy. The report highlights the pivotal role that ONCD has played thus far but argues that to effectively fulfill its mandate, the office requires enhanced authorities and resources. Frank Cilluffo, director of the McCrary Institute, expressed optimism about the potential for bipartisan cooperation on cybersecurity issues, stating, “Maybe I’m pollyannish, but I’m optimistic that this issue will continue to drive similarly in whatever direction the country takes.”
The task force’s recommendations center on strengthening cross-government coordination to “break down silos, enhance information sharing, and create mechanisms for rapid, coordinated responses to cyber threats.” This is particularly crucial given the multifaceted nature of cybersecurity, which intersects with various federal departments and agencies.
Recommendations for Enhanced Coordination
One of the key recommendations is to empower the ONCD as the primary coordinator for cyber incident response. This would involve organizing the efforts of various agencies, including the National Security Agency (NSA), the Defense Department, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and sector risk management agencies (SRMAs). Michael Daniel, a task force member and former cyber coordinator on the Obama administration’s National Security Council, emphasized the necessity of having a centralized function within the White House to manage these diverse efforts.
The report suggests that the next administration should grant ONCD additional authorities to drive interagency coordination, including the ability to influence budget allocations for cybersecurity initiatives across agencies. This would ensure that cybersecurity investments are strategically aligned and effectively implemented.
Strengthening Sector Risk Management Agencies (SRMAs)
While the ONCD’s role is crucial, the report also emphasizes the need to strengthen the SRMAs, which oversee distinct critical infrastructure sectors. The task force recommends establishing clear lines of accountability within these agencies, ensuring that decision-makers have the authority to influence resource allocation and implement cybersecurity measures effectively. Furthermore, developing clear metrics and performance indicators will help assess the effectiveness of SRMAs in improving their sectors’ cybersecurity posture.
The report critiques the Biden administration’s recent national security memorandum-22 for missing an opportunity to revise how agencies approach critical infrastructure. It calls for a reevaluation of the sector structure to better align with the current cyber risk environment and harmonize efforts with NATO allies.
Enhancing the Role of CISA
The Cybersecurity and Infrastructure Security Agency (CISA) plays a vital role in coordinating cybersecurity operations across civilian agencies and serving as the national coordinator for critical infrastructure. Although CISA has seen growth in both authority and resources during the Biden administration, the task force identified ongoing challenges, particularly regarding its ability to compel action from other federal agencies and streamline engagement with the private sector.
To strengthen CISA, the report recommends providing adequate funding for its operational systems and managed services offerings for federal agencies. Additionally, clarifying the agency’s roles and responsibilities will help avoid duplication with other agencies while ensuring it has the necessary authorities, resources, and staffing to fulfill its mission effectively.
A Call to Action for the Next Administration
The task force’s recommendations culminate in a call to action for the next presidential administration. Within the first 100 days, the ONCD should lead a “whole-of-government” effort to harmonize cyber regulations, ensuring a cohesive approach to cybersecurity challenges across sectors. Daniel emphasizes the importance of the ONCD’s role in organizing, training, and equipping the federal government to effectively address cybersecurity threats.
In conclusion, the bipartisan cyber policy roadmap presented by the McCrary Institute serves as a crucial guide for the next presidential administration. By strengthening the ONCD, enhancing the roles of SRMAs, and empowering CISA, the government can foster a more coordinated and effective response to the ever-evolving landscape of cybersecurity threats. As the digital world continues to expand, the need for a robust and unified approach to cybersecurity has never been more critical. The time for action is now, and the recommendations outlined in this report provide a clear path forward.