President Donald Trump eliminated the job of the nation's cybersecurity czar on Tuesday, and Democratic lawmakers immediately introduced legislation to restore it.
Trump signed an executive order rearranging the federal information technology infrastructure that includes no mention of the White House cybersecurity coordinator or of a replacement for Rob Joyce, who said last month that he is leaving the position to return to the National Security Agency, where he previously directed cyberdefense programs.
"Today's actions continue an effort to empower National Security Council senior directors," the National Security Council said in a statement, according to Reuters. "Streamlining management will improve efficiency, reduce bureaucracy and increase accountability."
Related
Politico first reported the elimination of the job on Tuesday. The White House and the National Security Council didn't reply to requests for comment about the decision, which came on the same day a major computer security report again found government systems to be the least secure among all industries.
John Bolton, Trump's new national security adviser, has widely been reported to have sought to eliminate the job as part of a top-to-bottom reorganization of the National Security Council. Joyce and his predecessors reported to the president; the senior NSC directors report to Bolton.
Top Democrats on Capitol Hill reacted harshly to the decision. In a statement, Rep. Bennie Thompson of Mississippi, ranking Democrat on the House Homeland Security Committee, criticized Bolton for "already wreaking havoc on the National Security Council."
"With cyber threats ever-changing and growing more sophisticated by the day, there is no logical reason to eliminate this senior position and reduce the already degraded level of cyber expertise at the White House," Thompson said.
Sen. Mark Warner, D-Va., vice chairman of the Intelligence Committee, said Tuesday: "We should be investing in our nation's cyberdefense, not rolling it back."
"We also need to articulate a clear cyber doctrine. I don't see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats," Warner said on Twitter.
Two Democratic House members, Jim Langevin of Rhode Island, a co-founder of the Congressional Cybersecurity Caucus, and Ted Lieu of California, a member of the Judiciary subcommittee on homeland security, quickly introduced a bill to restore the position, giving it extra authority as head of a National Office for Cyberspace, subject to Senate confirmation.
In a statement, Langevin and Lieu called Trump's decision "an enormous step backwards to deemphasize the importance of this growing domain within the White House."
Lieu said in a statement: "The decision to eliminate the top White House cyber policy role is outrageous, especially given that we're facing more hostile threats from foreign adversaries than ever before."
Similarly, Chris Painter, the State Department's coordinator of cyber issues under President Barack Obama — who created the White House position in 2009 — called Trump's move "a tragedy."
"Structure isn't everything but structure speaks to priority and ability to drive decisions and coordinate oft disparate views," Painter said on Twitter. "Every study, commission or other review suggested higher not lower placement."
The Computing Technology Industry Association, a nonprofit trade group with operations in more than 120 countries, also asked Trump to reconsider.
"A cohesive and comprehensive cybersecurity strategy across all agencies within the federal government can only be accomplished when there is one office specifically tasked with coordination," said Elizabeth Hyman, the association's executive vice president.
The decision comes as CA Veracode, a software testing service used by large corporations and numerous federal and state government agencies, released its closely watched State of Software Security report for 2017 (PDF) on Tuesday.
As it has in previous years, the report found that applications developed by government agencies are the least secure when compared to those of other industries, with almost half of all government programs showing evidence of cryptographic weakness (48 percent) and a form of malicious attack called cross-site scripting (49 percent).
"The numbers for vulnerability prevalence on first scan shows that government was in worst place in nearly every category," said Veracode, a division of CA Technologies, one of the world's biggest systems software companies.
Laura Paine, the company's public and analyst relations manager, said that many agencies are still developing their applications with older programming languages known to be vulnerable and that many of them aren't vigilant about addressing flaws. She cited inflexible government acquisition regulations that "may not always reflect modern best practices" as a possible key explanation
"We continue to see the same trend year-over-year with only slight improvements," Paine said.
Special counsel Robert Mueller is investigating whether Russia interfered in the 2016 presidential election. Mueller signaled early this year that computer crimes could be a focus of his investigation when he appointed Ryan Dickey, a former Justice Department computer crime specialist, as a member of his team.