Bill would elevate cybersecurity chief at DHS
- By Diane Frank
- Sep 20, 2004
Department of Homeland Security Cybersecurity Enhancement Act of 2004 (H.R. 5068) (PDF)
After nearly two years of debate by government and industry officials, House lawmakers introduced a bill last week that would raise the profile and power of the federal government's cybersecurity chief.
The Homeland Security Department Cybersecurity Enhancement Act of 2004 elevates the position of head of the department's National Cyber Security Division within the Information Analysis and Infrastructure Protection Directorate from director to assistant secretary.
The director's position is held by Amit Yoran, who joined the government after a career in the information security industry. Many officials in industry and government have expressed concern that Bush administration officials positioned the center's director too far down in the DHS structure to accomplish the goals of improving security in both the public and private sectors.
In addition to information security, the directorate is also responsible for intelligence analysis and the physical security of the nation's infrastructure, which includes everything from banking to transportation.
In effect, the proposed legislation would put cybersecurity under a brighter spotlight within the department. An assistant secretary would be in a better position to coordinate and influence cybersecurity across different agencies and functions.
"Our legislation will strengthen the department's cybersecurity efforts and make sure the appropriate person within DHS has the authority and direction to get the job done," said Rep. Zoe Lofgren (D-Calif.) in a statement.
Lofgren is co-sponsoring the bill with Rep. Mac Thornberry (R-Texas), chairman of the Select Committee on Homeland Security's Cybersecurity, Science, and Research and Development Subcommittee.
Industry officials have lobbied for such legislation for some time. Harris Miller, president of the Information Technology Association of America, described Yoran as talented and well-respected in the security community. But lacking access to officials at the highest levels has kept him from being as effective as he needs to be, Miller said.
"This [bill] is a pretty strong signal from members of Congress that the situation has to change," he said.
Bush administration officials have resisted elevating the position because they did not want to remove the security component from the directorate's larger mission.
"Because of the interdependencies between physical and cyber assets, we believe that these two areas should be integrated," said Michelle Petrovich, a DHS spokeswoman.
Such concerns are valid, said Dexter Ingram, director of information security policy at the Business Software Alliance. Cybersecurity touches every aspect of infrastructure protection, he said. But it is because of those connections that cybersecurity deserves more attention and influence than it currently has, he added.
"The legislation elevates [the position] to assistant secretary," Ingram said. "That means more funds. It means a lot more leadership involved."
Under the bill, the assistant secretary's responsibilities would essentially remain the same as those of the director. The only new responsibility would be oversight of the National Communications System. The move is designed to combine telecommunications and IT operations under one mission.
NCS is supported by an interagency group with representatives from 23 federal departments and agencies. It was transferred from the Defense Department to the DHS directorate last year. During crises, the group coordinates national security and emergency communications for the federal government.
A third component of the bill defines cybersecurity to reflect the emerging convergence of technologies, especially IT and telecom.
The bill is one of several introduced in recent weeks to address shortcomings in DHS and the homeland security mission. There are still other pieces of legislation waiting to be passed, including all but one of the fiscal 2005 appropriations bills.
But Lofgren and Thornberry's bill is another sign that Congress is determined to follow through on recommendations contained in the 9-11 Commission's report, Ingram said.
Dibya Sarkar contributed to this story.
Same duties, more clout
The job responsibilities of the leader of cybersecurity at the Homeland Security Department would change only slightly under a new bill that proposes elevating the position from director to assistant secretary. The current responsibilities include:
Establishing and managing a national cybersecurity response system, the U.S. Computer Emergency Readiness Team.
Coordinating with officials in state and local governments and the private sector to raise awareness about the need to increase security.
Developing mechanisms for sharing information about vulnerabilities and threats among government and private-sector entities.
The new responsibility would involve:
Serving as DHS' primary authority over the National Communications System.