Former Secretary of Defense Robert Gates unleashed a scathing assessment Thursday of the U.S. government’s handling of national cybersecurity policy, blaming bureaucratic turf battles and a dysfunctional Congress for the lack of progress on information sharing and critical infrastructure protection.
Speaking at the third annual SAP NS2 Solutions Summit in Falls Church, Virginia, Gates said the nation faces a real dilemma reconciling competing values and priorities when it comes to cybersecurity. But responsibility for the lack of meaningful progress on cybersecurity falls squarely on a hyperpartisan Congress that in the aftermath of 9/11 created a federal bureaucracy that sometimes operates beyond the control of the president and the cabinet.
“The country faces a situation where the Defense Department, with Cyber Command, NSA and other related organizations, has nearly all of the assets and capability in the cyber arena but limited legal authority to deploy them at home,” Gates said. “Correspondingly, the Department of Homeland Security has few assets, capabilities and experience in this area, but the statutory responsibility for protecting the U.S. domestically against cyberattacks. To fashion a brand new ACLU-approved NSA for domestic surveillance and cybersecurity is simply not plausible. There isn’t enough time, there isn’t enough money and there isn’t enough human capital.”
Gates described dealing with Congress as one of the worst experiences of his time in government. And he made it clear he is no fan of the new Office of the Director of National Intelligence and homeland security structure put in place in the aftermath of the Sept. 11, 2001, terrorist attacks. “When Congress takes it upon itself to remedy past deficiencies by cobbling together new executive branch organizations, well that’s how we ended up with the DNI and DHS in the first place,” Gates said.
One of the major cybersecurity initiatives proposed by Gates and former Secretary of Homeland Security Janet Napolitano and approved by the president in 2010, could have helped better align U.S. cybersecurity capabilities and protect critical civilian and military networks, Gates said. But today, that effort is essentially a failure, he said.
During the summer of 2010, Gates and Napolitano agreed it would be faster and cheaper to make sure that DHS could effectively leverage NSA cybersecurity and threat-detection systems rather than expect DHS to replicate those capabilities. The relationship Gates forged with Napolitano led to the signing of a cybersecurity memorandum of understanding between DOD and DHS. Gates considers the agreement a major achievement.
“With the interagency apparatus mired in bureaucratic squabbles and stalemate, in the summer of 2010 Janet and I worked out a memorandum of understanding between the Department of Defense and DHS. Under the new rules, the Secretary of Homeland Security would appoint a separate deputy director of NSA, who would have the ability to task the agency in real time on behalf of homeland security to protect domestic targets against cyberthreats or cyberattacks,” Gates said. “The goal was to ensure real time, rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk,” he said.
“The privacy purists weren’t satisfied,” said Gates, “but it’s hard to imagine a workable scenario in which they would be.” The DHS-appointed deputy NSA director would have their own general counsel and legal staff “to ensure that firewalls were in place” between actions taken to protect the domestic cybernetworks and NSA’s foreign intelligence capabilities, Gates said.
Gates and Napolitano took the memorandum directly to President Obama, who approved it in October of that year, “despite the inevitable gnashing of teeth by bypassed cabinet departments and White House staff,” said Gates. “I wish I could stand here and proclaim that we had a great success. And as crazy as it may sound to someone who’s not been in government, just because the president of the United States, the Secretary of Defense and the Secretary of Homeland Security want something done does not mean that it will actually get done…especially when the first instinct of folks in the middle and upper levels of agencies may be inclined to renew old turf battles or climb on old hobby horses,” the former Defense secretary said.
“Napolitano and I briefly in the summer of 2010 parted the bureaucratic Red Sea. But the waters have long since crashed back together, drowning our initiative, leaving us essentially at square one.”