Lawmakers attack cybersecurity on multiple fronts

When it comes to cybersecurity and its legislative oversight, members of Congress are all over the map.

Cyber plan due soon

Congress will have a better idea of the Obama administration's cybersecurity priorities with the release of the administration's action plan, which could come as early as this week. The administration’s 60-day review of cyberspace policy, which began in February, raised questions about how the president would organize his office to protect the nation’s digital infrastructure.

However, although people might soon get an answer, it will be only the beginning of a long process, said Melissa Hathaway, who led the review.

In recent weeks, a flurry of bills have been introduced in the House and the Senate, tackling topics such as the security of the power grid, the management of the government’s information technology investments and the White House’s approach for dealing with cyber threats.

The measures are welcome news for cybersecurity experts who have long pushed Congress to focus more on the cross-cutting nature of information technology security.

However, the bills are coming from lawmakers from diverse committees, prompting questions about who on Capitol Hill should have oversight of computer security and how much authority lawmakers should have to oversee the White House’s efforts.

Gregory Garcia, who was assistant secretary for cybersecurity and communications at the Homeland Security Department during the Bush administration, said leaders in Congress should come up with a strategy to handle cybersecurity in a coordinated and comprehensive way that identifies gaps that legislation can fill.

Garcia, who now runs a consulting firm, Garcia Strategies, suggested that congressional leaders could model its approach on the Obama administration’s 60-day review of cyber policy. Then, rather than introduce multiple bills, they could develop omnibus security legislation, he said.

So far this session, lawmakers have introduced legislation attempting to accomplish similar goals in different ways.

For example, Sen. Jay Rockefeller (D-W.Va.), chairman of the Commerce, Science and Transportation Committee, introduced a bill April 1 that seeks to use the Commerce Department’s authorities to improve cybersecurity, in part through increased use of standards from the National Institute for Science and Technology.

Meanwhile, a few weeks later, on April 28, Sen. Thomas Carper (D-Del.), chairman of a subcommittee of the Homeland Security and Governmental Affairs Committee, introduced a bill that also called for greater use of standards for federal IT systems.

However, although both senators call for more continuous monitoring of the government’s information systems, Rockefeller would have the Commerce Department work with the Office of Management and Budget to put a new monitoring system in place. On the other hand, Carper would make it the responsibility of the director of a new National Office for Cyberspace to be part of the Executive Office of the President.

Rockefeller also proposes to create a new White House office, but it would be called the Office of National Cybersecurity Advisor.

The administration is expected to announce whether it will create such an office or adviser when it releases the results of its cybersecurity review in the coming days. (See story, Page 13)

James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, has long urged the creation of an office at the White House to coordinate cyber policy. He said he didn’t think the two proposed versions of the office represented a disagreement over how the new entity should work with the National Security Council. 

“I think what they’re trying to do is send a signal to the White House that [the administration needs] to get their act together and they need to do the right thing when it comes to setting up someone in the White House,” he said. “If the 60-day review comes out and you don’t have the outcome all of us thought was right, I think what you’ll see is then the bills move forward.”
Not all lawmakers are keen on a new office in the White House. During a hearing April 28, Sen. Susan Collins (R-Maine) urged caution when considering a new office out of fear that it would diminish congressional oversight. 

“I think we have to proceed carefully here to make sure that we don’t create a whole new round of turf battles and inadequate congressional oversight and unclear lines of authority,” Collins said.

In another example, Rep. Bennie Thompson (D-Miss.) and Sen. Joseph Lieberman (I-Conn.), chairmen of the House and Senate homeland security committees, introduced bills April 30 that would give the Federal Energy Regulatory Commission more authority to deal with cyber threats to the nation’s privately owned electricity grids. Thompson and Lierberman coordinated their effort, but a day earlier, Rep. Henry Waxman (D-Calif.) chairman of the Energy and Commerce Committee, co-sponsored a similar bill that was introduced by Rep. John Barrows (D-Ga.).

“A lot of the real battles now are going to be fought on Capitol Hill amongst the committees themselves,” Garcia said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group