Chairwoman Maloney Issues Statement on GAO Report Warning Cybersecurity Response Lacks Leadership
Washington, D.C. (Sept. 22, 2020)—Today, Rep. Carolyn B. Maloney, the Chairwoman of the Committee on Oversight and Reform, issued the following statement after the Government Accountability Office (GAO) issued a new report warning of the lack of cybersecurity leadership in the White House:
“Today’s new report from the Government Accountability Office warns of another gaping vulnerability created by President Trump’s failure to take seriously the threats our nation faces. Cyberattacks are one of the top threats to our nation’s critical infrastructure, safety, and economic security. According to GAO, the White House lacks clear leadership in implementing the nation’s cybersecurity strategy, particularly in light of the Administration’s elimination of the White House Cybersecurity Coordinator position in May 2018.
“GAO recommends that Congress consider legislation to designate a cyber leadership position in the White House. I am a proud cosponsor of the National Cyber Director Act – the bill that would do exactly that: restore a cyber coordination and planning function to the White House and provide resources needed to strengthen our cyber defenses.
“With the tragic loss of at least 200,000 American lives to the coronavirus pandemic, we have seen the devastating consequences of the Trump Administration’s leadership failures. I urge the Trump Administration to implement the recommendations in this report immediately and make response to cyber threats a top priority.”
Today’s report provides further support for the need to enact the National Cyber Director Act. In the report entitled, “Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy,” GAO found:
- “The White House’s Leadership Role in Implementing the [National Cyber] Strategy and Ensuring the Cybersecurity of the Nation is Unclear.”
- “[N]one of the discussion of risk in the National Cyber Strategy is in the context of an assessment that included analysis of threats and vulnerabilities . . . . Without a risk assessment, including an analysis of the threats to, and vulnerabilities of, critical assets and operations, the executive branch is unable to adequately make informed management decisions about resource allocations required to minimize risks and maximize returns on resources expended.”
- “In light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the [Cyber Strategy] Implementation Plan, but also holding federal agencies accountable once activities are implemented.”
- “[W]ithout a clear central leader to coordinate activities, as well as a process for monitoring performance of the Implementation Plan activities, the White House cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge.”
- “The executive branch’s leadership of the National Cyber Strategy’s implementation is unclear, even though an implementation plan was developed. … [T]he Implementation Plan assigned cybersecurity-related activities to federal entities. However, neither the strategy nor the Implementation Plan articulate how the White House can hold these entities accountable for accomplishing their assigned activities.”