9-11 Commission member urges administration to put teeth in cybersecurity, intel efforts

SAN FRANCISCO?The nation's top cybersecurity official does not have to have an office in the White House to be effective, said Jamie Gorelick, former Justice Department official and member of the 9-11 Commission.

"The White House doesn't have to do everything, but it does need to anoint whoever it wants to do something," Gorelick said at a briefing yesterday at the RSA Security Conference Wednesday.

The job of overseeing cybersecurity now is within the Homeland Security Department. But it has been vacant since October. Some observers want the position to be elevated to an assistant secretary, and some would like to see it moved back to the White House. Neither of those moves is necessary to help to protect the nation's IT infrastructure, Gorelick said.

"It is possible to do the job if the president makes it clear he has asked the secretary [of Homeland Security] to see that this happens," she said.

Gorelick applied the same caveats to the newly created but still vacant position of national intelligence director. The authority of the position will depend on whether the president wants someone in that position to wield authority.

"If he doesn't, he's not going to get anybody worth his salt to take the job," she said.

The difficulty in finding a person to fill the position may reflect concerns about the power that goes with it.

Gorelick also chided Congress on its inability to significantly streamline DHS oversight. She said the cohesion envisioned by Congress in creating a single department to oversee homeland security has not been mirrored in its own structure, resulting in turf wars between congressional committees charged with some degree of authority over the department.

"Congress's inability to reform itself is a tragedy and will undermine any changes Congress itself says should be made," she said.

She painted an unglamorous portrait of the job facing new DHS secretary Michael Chertoff, who was sworn into office on Tuesday.

"The work that he has in front of him is not glorious but the critically important work of bringing the department together and increasing its reach and ability to execute its missions," she said. "This is a largely internal job. They have funding, they have 180,000-plus people, and they have a big job."

She criticized the government for not taking seriously its partnership with the private sector to protect the nation's critical infrastructure. A number of industry information sharing and analysis centers have been established, but so far the results have been disappointing, Gorelick said.

"The government needs to decide if it is going to rely on the ISACs," she said. "If it is not, it should put them out of their misery. If they are relying on them, they should make them as robust as they can be."

That would include providing funding for the organizations to make them more stable and taking less of a hands-off approach, which was calculated to sooth industry fears of government involvement.

"They need to be professionalized," Gorelick said. The centers should be around-the-clock operations with stable leadership and funding and clear requirements for information sharing. "That infrastructure does not now exist."