By Calvin Biesecker
Several members of the House Homeland Security Committee yesterday said they would back new legislation proposed in the Senate that would give the Department of Homeland Security (DHS) authority to prod other federal civilian agencies to do more to protect their computer networks from cyber attacks.
Reps. Jane Harman (D-Calif.), Peter King (R-N.Y.) and Charles Dent (R-Pa.) all threw their support behind the Protecting Cyberspace as a National Asset Act of 2010 that was introduced last week by the Sens. Joseph Lieberman (I/D-Conn.) and Susan Collins (R-Maine), the chair and ranking members, respectively, on the Senate Homeland Security and Governmental Affairs Committee, and Sen. Tom Carper (D-Del.), a member of the committee (Defense Daily, June 14 and 15).
King, who is the ranking member of the House Homeland Security, said he would be willing to be the lead co-sponsor in the House on the bill to Harman. While the bill will likely change as it moves through the legislative process, Harman said at a committee hearing on cyber security that “at any rate, it will give the government new powers and new focus, and perhaps provide the sustained leadership” that it needs.
In addition to strengthening the position of DHS over the federal civilian agencies with regard to cyber security, the Protecting Cyberspace bill would create Senate- confirmed positions within the department and the White House responsible for cyber security. It would also create a White House Office of Cyberspace Policy to develop a national strategy for cyber security across the entire federal government.
Another aspect of the proposed bill is it gives the president authority in a cyber emergency to protect the nation’s most critical infrastructure for a period of 30 days unless the president extends the time. It also requires Congress to be notified in advance before these emergency powers are exercised.
Stewart Baker, a partner with the international law firm Steptoe and Johnson LLP and a former assistant secretary for Policy at DHS under the Bush administration, lauded the new Senate cyber bill. Regarding its provisions related to the private sector, he said the legislation avoids “heavy handed regulation by saying we’re going to pick out the most critical infrastructure” and set performance requirements and standards that can be met in different ways and then require a reporting of incidents.
This is “an authority that clearly when you look at things like the financial meltdown [in 2008] or the BP oil spill, the president has to have and he doesn’t really have in this area,” Baker told the committee.
Baker did hit the Obama administration for not having a “sense of urgency” with regard to cyber security, particularly in the private sector where most of the critical infrastructure is. He told King during the hearing that Obama needs to take ownership of cyber security, which in turn will make it a priority throughout all of government.
Yesterday’s hearing on cyber security followed one on Tuesday by the Senate Homeland Security and Governmental Affairs Committee in which Collins provided advance news of a DHS Inspector General (IG) report issued as part of the House meeting (Defense Daily, June 16). Richard Skinner, the DHS IG, testified yesterday that the office within DHS responsible for protecting the federal network infrastructure needs more authority to ensure that federal civilian agencies comply with its guidance.
That authority is currently lacking. Without it, other agencies view guidance from the U.S. Computer Emergency Response Team (US-CERT) as requiring them to possibly cut something from their budget to make room for a cyber security upgrade, Baker said. That’s not something an agency will do unless they are compelled to, he added.
Skinner also said that US-CERT has insufficient staff to perform its missions. DHS is in the process of hiring additional employees to work on cyber security.