House bill would give DHS authority over private sector networks
From: The Hill
By Gautham Nagesh – 11/18/10 02:12 AM ET
A new bill unveiled Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss.) would give the Department of Homeland Security the authority to enforce federal cybersecurity standards on private sector companies deemed critical to national security.
The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010 authorizes DHS to establish and enforce risk and performance-based cybersecurity standards on federal agencies and private sector companies consider part of the country’s critical infrastructure. Such firms include utilities, communications providers and financial institutions.
The legislation is co-sponsored by Reps. Jane Harman (D-Calif.) and Yvette Clark (D-N.Y.). It will also create a new Cybersecurity Compliance Division within DHS that would make sure organizations comply with the new security regulations. The lawmakers argue DHS has not had sufficient authority or resources to fulfill its mission as the lead federal agency for cyversecurity.
“From a security and good-government standpoint, the way to deliver better cybersecurity is to leverage, modify, and enhance existing structures and efforts, rather than make wholesale bureaucratic changes,” Thompson said in a statement. “This bill will make our Nation more secure and better positions DHS – the ‘focal point for the security of cyberspace’ – to fulfill its critical homeland security mission.”
Unlike the cybersecurity bill that passed the Senate Homeland Security Committee earlier this year, the House bill does not include any provision for a cybersecurity office within the White House. Instead it concentrates authority to prevent and respond to cyber attacks within DHS, where it would be subject to Congressional oversight.
“This bill will provide the DHS with the authority and resources needed to adequately protect our Nation’s cyberspace and infrastructure,” Clarke said in a statement. “I believe the security of our cyber infrastructure is connected to our national security. This bill will protect our country from a growing risk of ‘hacks’ and better allow the Department to fulfill its duties of protecting our nation.”
Cybersecurity legislation is likely to be a tough sell during the lame duck session, particularly in the Senate where there is opposition to concentrating more authority in the hands of the Department of Homeland Security. However, Thompson’s bill is close enough to the Senate Homeland Security bill in its intent that some sort of compromise may be possible if Senate Majority leader Harry Reid elects to bring the matter to the floor before adjourning next week.