Cyber Director Position Remains Vacant: ISA Urges a New Strategy for Cybersecurity

July 5, 2023

In an increasingly interconnected world, cybersecurity has become a paramount concern for governments, businesses, and individuals alike. The Government Accountability Office (GAO) recently published an article titled “Cybersecurity: Actions Needed to Address Challenges and Improve the Federal Government’s Management of Cybersecurity Risks,” shedding light on the critical issues facing our nation’s cybersecurity efforts. To address these challenges, the Internet Security Alliance calls for the swift establishment of the Office of Digital Strategy and Security (ODSS), as proposed in Chapter 5 of the book Fixing American Cybersecurity: Creating a Strategic Public-Private Partnership.

The GAO report emphasizes the need for immediate action to address cybersecurity risks effectively. It highlights the challenges faced by the federal government, most notably the absence of a permanent Cyber Director, which hinders the coordination and management of cybersecurity efforts. Without clear leadership from the ONCD, the broad guidelines provided in the National Cybersecurity Strategy are difficult to implement.

While the Office of the National Cyber Director (ONCD) focuses on coordinating federal cybersecurity efforts, it is not responsible for coordinating a public-private partnership nor for developing a comprehensive cybersecurity strategy across sectors. The ODSS would address this gap, taking on a broader role as a catalyst for collaboration, strategy, and policy development. Using the partnership process, the ODSS would create a truly collaborative and comprehensive digital cybersecurity strategy.

The creation of the ODSS is a crucial step in addressing the issues raised in the GAO report:

1. Leadership and Coordination: The absence of a permanent Cyber Director, as highlighted by the GAO, underscores the urgency for swift action from the federal government. The ODSS, with its strategic focus and cross-sector collaboration, would fill this leadership gap, providing much needed direction and strategy towards effective cybersecurity policy.

2. Public-Private Collaboration: Collaboration between the public and private sectors is paramount in combating cyber threats. The ODSS would facilitate public-private partnerships and would navigate the appropriate roles and responsibilities of the public and private sector according to their competing interests. By bridging the gap between government agencies and private entities, the ODSS strengthens the collective defense against cyber risks.

3. Policy Development and Implementation: The ODSS would play a crucial role in formulating and implementing cybersecurity policies that align with evolving threats. This includes adapting existing market incentive programs to enhance cybersecurity in various industries, presenting practical solutions for the funding needs of national security obligations, improving prosecution of cybercriminals, and synthesizing roles of established government structures to develop a unified and pragmatic national strategy.

The urgency of the cybersecurity landscape demands immediate action from the federal government. The creation of the Office of Digital Strategy and Security (ODSS) is a crucial step towards enhancing our nation’s cybersecurity posture. The organizational model of the ODSS would enable rapid and flexible responses to growing cybersecurity challenges and allow for crafting solutions specific to the needs of each sector. By promoting cross-sector collaboration and developing comprehensive policies, the ODSS can bridge the gap between government agencies and the private sector, ensuring a unified and strategic approach to cybersecurity.

NB: For additional detail on this issue, see “Fixing American Cybersecurity: Creating a Strategic Public-Private Partnership” Chapter 5 “Reinventing Cybersecurity: A Strategic Partnership Approach” by Larry Clinton and Alexander T. Green (Georgetown University Press 2023).

Article: https://www.gao.gov/products/gao-23-106826

PDF of report: https://www.gao.gov/assets/gao-23-106826.pdf