Louisiana Congressman Cedric Richmond calls for an end to intra-agency “turf wars” over cybersecurity responsibility

The (ISC)2 Security Congress has come at a “pivotal time” for the US and global economies, says Congressman Cedric Richmond, who opened the event in New Orleans yesterday.

In a no-holds-barred keynote, Congressman Richmond said the White House is not providing adequate leadership to help tackle the increasingly sophisticated array of cyber-threats, which last year wiped more than $450 billion from the global economy and saw the theft of more than two million personal records in the US alone.

With these daunting figures in mind, it’s clear that much more needs to be done to protect the US economy, critical infrastructure, intellectual property, and the personal freedom of its citizens, he said.

The Congressman, who has represented the Louisiana Second Congressional District in the US House of Representatives since 2011, outlined three key areas for improvement – and top of the list was the need for increased cooperation between government stakeholders.

“Federal, state, and local governments must be structured and funded to properly protect against, investigate, and remove malware on their systems and to serve as effective cyber defense partners with the private sector,” said the New Orleans native.

“That means we need meaningful leadership from the top; clear rules and responsibilities within the government; and a comprehensive understanding of cyber threats across critical infrastructure sectors.

“Unfortunately, this White House isn’t providing that leadership now, and is not positioned to do so moving forward.”

The Congressman added: “Last month the White House released the National Cyber Strategy, which lays out at a high level the administration’s approach to cybersecurity.

“While issuing the strategy was a positive development, it is largely a continuation of previous policies. Moreover, it fails to address one of the major obstacles to cybersecurity – the settling of inter-agency turf wars that have hamstrung cybersecurity for well over a decade.”

Aside from these ongoing leadership issues, Congressman Richmond said the US must cultivate a “robust cybersecurity workforce” to support both the public and private sectors.

“Too often, we look at this 21st century challenge through a 20th century lens,” he noted. “We assume everyone needs a four-year degree and a hard science background to be successful in the cybersecurity field. But that’s just not true.

“It’s time to move beyond that way of thinking, and open opportunities to candidates with non-traditional backgrounds.”

He also stressed the need for the government to strengthen its partnerships with the private sector and educate the public on good cyber-hygiene practices.

“Defending against evolving cyber-threats requires a full-court press,” he stated. “We can’t afford to have anyone sitting on the bench.”

While the Congressman said there “may not be an end in sight” to the longstanding executive branch turf wars, he expressed hope that Congress will soon act to better position the Department of Homeland Security (DHS) to be a leader on cybersecurity.

“Just last week, I co-authored HR 3359 – the Cybersecurity Infrastructure Security Agency Act – and that passed the Senate. This not only rebrands the National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency, but also streamlines and clarifies the agency’s structure to
enhance its abilities to execute its mission and deliver services.

“I expect the House to pass this bill as soon as we return to Washington and send it to the President’s desk for a signature, so that it can become law before the end of the year.”

More positive movement came with the confirmation of Chris Krebs in June to head DHS’ cyber arm, along with the recent launch of the National Risk Management Center.

“The new center should help create and strengthen public-private partnerships across critical infrastructure sectors,” said Congressman Richmond.

“I am cautiously optimistic about the center’s potential, but we know how important it is for agencies across the federal government to support it and cooperate with the Department of Homeland Security.”

Looking ahead, the Congressman said he is considering legislation to provide separate grant funding to help shore up the cyber-defense capabilities of state and local governments, which continue to fall victim to high-profile hacks and malware outbreaks.

“Less than half of US businesses are prepared for cyber-attack, and small businesses are struggling the most,” he noted. “With losses on this scale, every single one of us has skin in this game, and we need to act like it.

“The Secretary of Homeland Security recently warned that the next attack of the magnitude of 9/11 won’t involve airplanes – it will be a cyber-attack.

“Secretary Nielsen and I may not agree on everything – or many things – but we agree on this: the types of security threats confronting the US have changed, and we have no choice but to adapt.”

The (ISC)2 Security Congress continues through Wednesday.