Apr 7, 2009
As a people, Americans have long harbored suspicions with any one holding too much power. We believe in and hold fast to a checks and balance system, but in a world whose operations function faster than the speed of light 24-7, 365 days a year, finding those safeguards to absolute power will be a tremendous challenge especially when it comes to creating the White House cyber czar.
Here are three initial thoughts on what those checks and balances might be:
Fixed term of office/appointment: The individual selected for the cyber-czar position should serve for a fixed term of office and not be able for reappointment. Much like the FBI Director who has a 10-year term of office, this position should be immune (as much as possible) to the whims of politics and its associated patronage processes. More than who they voted for or made a contribution to, the focus for this job needs to be upon their technical skills, ability operate under pressure, quality of character as much as their management experiences. An ideal term would be between 5-7 years of office so as to get new blood and energies into what can only be described as a grueling position. They (and their family) should also be given all of the security protections accorded to the President by the Secret Service to ensure their overall safety and security as well. Their personal security should never be put in a position where it could be compromised thereby causing further challenges to their job performance.
Compensation: The current federal pay system is a joke and outwardly disingenuous in so many ways. If you are expecting to have a supremely qualified individual to do this all encompassing and demanding job, they should be compensated as such. That means giving the cyber czar and those in the positions that serve this office, salaries and compensation packages that are on par with the private sector. This echoes a recommendation made by which called for the salaries of cyber related personnel to be raised significantly. I’ve long felt that salaries for all of DHS’ personnel should be raised to be on better par with the private sector but in terms of the cyber czar and his/her support team, Uncle Sam needs to suspend the federal pay rules and open the wallet fairly wide so to get the best and brightest to do these jobs.
Oversight: With the cyber-czar having enough powers and authorities to make any Hollywood screenwriter salivate at the movie blockbuster possibilities of nefarious government types in sinister operations (think James Cameron’s Terminator movie series), there will be an absolute need to review and monitor these absolute powers and how they are used. Modeling an approach similar to FISA and its 3-judge panels that review surveillance warrants, etc., experts in civil liberties, privacy, constitutional law and technology usage should be empanelled to review, amend and if necessary overturn decisions by the cyber czar.
Additionally, Congressional oversight of this position and its actions also needs to be considered and this may be the biggest challenge of all. Congress has categorically FAILED in its abilities and responsibilities to exercise clear, concise and responsible oversight of homeland security activities. With eighty-eight committees already operating and wanting a piece of the homeland action (and its money and media attention), schizophrenic directions, on-going confusion and over burdensome reporting demands have become the established norm where tough questions, reasonable reporting and accountability should reign. When it comes to cyber security, EVERY Congressional Committee and Subcommittee will declare their jurisdiction on the subject given that cyber is in everything. Such an oversight approach is not a recipe for success; it’s a prescription for assured failure. If Congress abdicates addressing this issue in shaping this position, it will cripple from the start the critical functions of the cyber czar and its operations.
Thankfully we do not create positions with such far-reaching authorities on a regular basis. While expediency is demanded in establishing the cyber czar position given our existing vulnerabilities and the constant threats and attacks we are under by the Chinese, Russians and others, we should not rush blindly into its creation.
Over the past decade we have slammed legislation through without vibrant and well-informed debate on account of unprecedented circumstances (e.g., 9/11 attacks, Katrina, Wall Street meltdowns, etc.) as well as emotional arguments (often over-hyped by the media) that “the sky is falling” and this proposal/legislation is our only solution. As a result we have:
• Had unrealistic expectations that twenty-two federal components can be merged without hiccup and everything will perfectly;
• Passed thousands of pages of legislation that no one has read that hands out tax dollars to underwrite mismanaged companies only to discover that the same dollars will be directed to employee-retention performance bonuses to executives of failing enterprises; and,
• Initiated the largest funding and capitalization of large-scale infrastructure projects without an overarching national strategy; definition of investment priorities; or the requirements by which projects are selected.
We can not afford the same careless approaches when it comes to establishing the cyber czar position and its responsibilities. Give the security implications (international, national, economic, personal, etc.) and the far-reaching powers encompassing this position, the American public deserves a debate with the same care and wisdom that our Framers provided when framing our republic. With any luck (and fervent prayer) that will happen. If not, the consequences could be more dangerous than the threats it is being designed to thwart.
This piece was originally posted on Security Debrief.