An influential Republican congressman is pushing back against President-elect Donald Trump’s plan to increase the Department of Defense’s role in defending domestic computer networks.
Trump’s proposal, originally announced in late November, would see the Homeland Security Department take a backseat with regard to the federal government’s private sector cybersecurity efforts. On Thursday, House Homeland Security Chairman Michael McCaul of Texas warned that shifting cyberdefense authorities from a civilian agency to the military would be a “grave mistake.”
“It has come up a lot in transition team discussions,” McCaul said. “I still think that the roles we set forth in the Cybersecurity Act [of 2015], that are in current law, should remain very much in place. It would be a great mistake to change that. I don’t believe that the American people want to militarize our cyberdefenses, domestically, here in the U.S. We have civilian police officers, civilian FBI agency, here in the U.S. We don’t have the military walking through the streets. I think the same principal applies to cyber in terms of you need a civilian agency to defend the nation’s domestic critical infrastructures.”
Once considered a favorite to lead the Homeland Security Department under Trump, McCaul announced plans last month to pursue the creation of a new cybersecurity-focused agency within DHS. The office, McCaul says, would help consolidate the federal government’s disjoined cybersecurity efforts, streamlining existing federal initiatives like the cyberthreat information sharing program, which was introduced via the Cybersecurity Information Sharing Act of 2015.
During a news conference Thursday, McCaul and Sen. Sheldon Whitehouse, D-R.I., unveiled a set of cybersecurity policy recommendations for Trump’s White House. The recommendations, published by the D.C. think tank the Center for International Strategic Studies, are the result of a joint bipartisan working group that included representation from business executives and policy experts.
“I do think it would be a grave mistake to change the roles we currently have where DoD defends the nation from cyberwarfare attacks and the FBI investigates. It would be a mistake to turn over these authorities to agencies that can both spy, investigate and prosecute Americans. I think it is better to leave it to a civilian agency that protects privacy interests and civil liberties. And can share information with the private sector,” McCaul said. “Eighty percent of these threats reside in the private sector. And I think the private sector has a great responsibility to stand up to defend our domestic networks.”
McCaul’s comments regarding private sector accountability echo statements made by Director of National Intelligence James Clapper who testified Thursday in a Senate Armed Services Committee hearing on Russian hacking.
“I think the private sector needs to up its game on cybersecurity and not just wait for the government to provide perfect warning or a magic solution,” Clapper said.
In July, the White House rolled out Presidential Policy Directive 41, or PPD-41, a comprehensive policy framework that directly outlines the roles and responsibilities held by DHS, FBI and DoD as it pertained to cyberdefense and incident response. If Trump were to ultimately increase the DoD’s influence in this space it would counter not only McCaul’s recommendation but also that of the current White House.
McCaul said he plans to introduce legislation to reorganize the Homeland Security Department during Trump’s first year in office. The legislation would be packaged into the larger, pending House National Defense Authorization Act for fiscal year 2017, he said.