Suzanne Spaulding is the senior adviser for homeland security at the Center for Strategic and International Studies. From 2013 to 2017, she was the undersecretary for cybersecurity and infrastructure at the Department of Homeland Security.
In February, Director of National Intelligence Daniel Coats deemed cyberwarfare the No. 1 threat to the United States. Yet this month, new national security adviser John Bolton decided to eliminate the cybersecurity coordinator position on the National Security Council. Bolton’s decision, justified as a move to “streamline” what is asserted to be a “core capability,” instead is likely to downgrade the priority of cybersecurity and leave top national security officials ill-equipped.
The cybersecurity coordinator position, as implemented in the Obama administration, was not perfect. But it provided an essential function on a vital national security issue. There is no evidence the situation has improved so dramatically in the past year and a half that this function is no longer needed. Coordination is important because individual departments and agencies can only do so much.
As the head of cybersecurity and critical infrastructure protection at the Department of Homeland Security, I was responsible for coordinating cybersecurity efforts for the civilian government and the private sector. Virtually every department has some role in these efforts. For example, I worked closely with the deputy secretary of energy and dozens of power company chief executives on plans to secure the electric grid. My team worked with the Treasury Department and other financial regulators on a series of exercises with senior executives from financial institutions to understand and mitigate consequences of cyber-disruption to critical financial services. Our incident response teams often included professionals from other agencies.
DHS used policy and statutory authority to provide guidance, binding operational directives, nationwide exercises and coordinated incident response. But we knew the limitations of one department “coordinating,” let alone directing, the efforts of sister departments. And it is not the role of DHS to develop a comprehensive strategy incorporating every lever available to the president.
A unified cybercapability, including offense and defense, requires White House leadership. Presidential Policy Directive 41, which clarified the roles of DHS, the FBI and the Office of the Director of National Intelligence in responding to significant cyber-incidents, could not have happened without the leadership of the White House cybersecurity coordinator. Moreover, an effective response to a major event or threat needs a senior official