Cindi had a column this morning on the new post of cybersecurity chief that the Legislature is adding to the state payroll (maybe the title could be, “Officer in Charge of Closing the Barn Door after the Horses have Run Off”) — or rather, on the outrageous fact that they want this person to be immune from firing by the governor.
As she correctly points out, we have too many state employees like that already — people who don’t really “work for” anyone, since no one can fire them.
There is zero reason to make this particular person independent — unlike, say, the attorney general or the inspector general. Arguments can be made for those. Not for this new post.
Cindi and I have been fighting the Legislature’s aversion to accountability for a lot of years now. So she can be forgiven for winding up into a bit of a rant at the end:
Frankly, I’m willing to trust that politics will keep the governor in line on this one. It’s tough enough for a governor to have to explain that 6.4 million individuals’ and businesses’ Social Security numbers and bank records were hacked because her agency director either didn’t know about or ignored concerns from his own IT people. She certainly doesn’t want to have to explain that we had another breach because she fired the state cybersecurity chief, or cowed him into backing off basic protections.
Truth be told, I’d be more concerned that a governor wouldn’t be aggressive enough if a cybersecurity chief gets out of control.
As much as some legislators are fond of saying that no price is too high to secure our personal information, the fact is that there is always, always more that can be done to provide security, be it for our computer networks or our cities or our businesses or our homes. The fact is that some prices are indeed too high, and it’s the job of our Legislature and our governor, or whoever a cybersecurity director reports to, to balance the risk against the cost, in money and in time.
If you’re going to give union-style job protections to the cybersecurity chief, then why not give them to the governor’s lobbyists — since she might not like it if they tell her that legislators don’t like her? Or to the prison director — since she might not like it if he tells her how much it’s going to cost to keep the prisons safe?
In fact, why not just go back to the way we did things when I moved to South Carolina, when the governor couldn’t fire the directors of any state agencies? When those directors reported to part-time board members who, even if the governor could appoint them, couldn’t be fired.
For that matter, if S.C. governors are that untrustworthy, maybe we ought to go back to the old system whereby the Legislature elected the governor. After all, what’s the point of bothering voters with the matter of electing a governor if the governor has no power to carry out the agenda those voters elected her to carry out?
Or maybe, just maybe, we could decide that government officials should be held accountable for their actions. Maybe we could decide that it’s better to trust that a governor won’t abuse her power over powerful officials than it is to risk that those officials will either get too comfortable in their jobs or else let their power go to their heads, and be less aggressive, or more aggressive, than they ought to be, because they don’t have a boss — and they know they’ve got a job for life.
Amen to all that.