In an opinion column in the Washington Post on Sunday, former Defense Secretary Robert Gates wrote that in the Obama administration, Gates had proposed creating the position of a deputy director at the NSA who would be a DHS cybersecurity official. That official would have the legal authority to ask the NSA to conduct surveillance on domestic networks and defend against ongoing attacks, Gates wrote.
The new position would come with legal restrictions on how the new authority would be used and would be designed to safeguard Americans from unwanted, unauthorized surveillance, Gates said. The proposal was signed off on by then Homeland Security Secretary Janet Napolitano and received the blessing of the Justice Department, but Gates wrote that “the initiative came to naught, mainly because of bureaucratic foot-dragging and resistance.”
Asked whether such a proposal was being considered now, the DHS officials who briefed reporters declined to address it specifically. One official said the administration is conducting an “in-depth lessons-learned exercise” on both the Russian and Chinese attacks and would offer recommendations once it has completed the review.
CISA, which is allowed by law only to provide advisory services to federal, state and local government agencies and U.S. companies, is not in a position to demand any information from agencies and companies that are affected by a cyber attack, leaving that agency also in the dark about the extent of a major attack.
Lawmakers have called for expanding the powers and budget for CISA to make the agency in charge of all federal government networks that operate under the “dot gov” domain, similar to how the U.S. Cyber Command oversees cybersecurity for the U.S. military network.