Senate Bill Eyes Cybersecurity Reform
Creates Cyber Director with Sway Over Agency Infosec Budgets
February 18, 2011
Legislation to establish a White House Office of Cyberspace Policy, with its Senate-confirmed director to have influence over agencies’ IT security budgets, was introduced late Thursday by the leaders of the Senate Homeland Security and Governmental Affairs Committee.The Cybersecurity and Internet Freedom Act of 2011 also would reform the way IT security would be governed in the federal government, emphasizing real-time monitoring of government IT systems and a move away from paper-compliance under the Federal Information Security Management Act of 2002. The bill would require each agency to designate a qualified, senior official as chief information security officer.
The bill also would prohibit the president from employing a so-called “Internet kill switch.” “The term ‘kill switch’ has become the ‘death panels’ of the cybersecurity debate,” Committee Chairman Joseph Lieberman, ID-Conn., said in a statement accompanying the bill. “There is no so-called ‘kill switch’ in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the president. Furthermore, it is impossible to turn off the Internet in this country.”
The bill’s cosponsors are ranking member Susan Collins, R-Maine; and Thomas Carper, D-Del., who chairs a committee subcommittee with IT security oversight.
Among the responsibilities of the director of cyberspace policy would be the review of the IT security budgets of federal agencies. The director would not have veto power over agencies IT security budgets. But the director could submit a new budget to the Office of Management and Budget if her or she feels the one offered by an agency does not meet the goals of the nation’s cyberspace policy.
A survey by GovInfoSecurity.com of government IT security practitioners released this week (see Gov’t Infosec Pros Question Fed’s Security Resolve) at the RSA 2011 IT security conference shows that a majority favor granting a White House cybersecurity director budgeting authority.
A spokeswoman for Carper said most of the provisions in the new bill mirror those found in the comprehensive bill (see Senators Unveil Long-Awaited Cybersecurity Bill) the three senators introduced last June, including: Designating the cyberspace policy director as leading and harmonizing federal efforts to secure cyberspace and developing a national strategy that incorporates all elements of cybersecurity policy, including military, law enforcement, intelligence and diplomacy. The director would oversee all federal activities related to the national strategy to ensure efficiency and coordination. The director would report regularly to Congress in the interests of transparency and oversight.