Bill would set requirements for cyber coordinator
House legislation would have White House cyber official review IT security parts of agencies' budget plans
Civilian federal agencies would need to get White House approval for parts of their annual budget plans that relate to protecting information technology under provisions of a new bill in Congress.
The legislation, introduced May 6 and backed by a bipartisan group of senior House lawmakers, would codify requirements for a national cyberspace office in the Executive Office of the President with a Senate-approved director.
Some lawmakers have complained that the White House cyber coordinator position that President Barack Obama created doesn’t require Senate confirmation, thus limiting congressional oversight.
A House insider's view of U.S. cybersecurity policy
Under the legislation the White House cyberspace official would:
- Oversee agency information security policies and practices at agencies.
- Encourage public/private working groups to increase information sharing and policy coordination.
- Coordinate the defense of information infrastructure in the case of a large-scale attack on IT systems.
- Work with officials from other parts of the government to establish a national strategy to engage internationally to set the policies, principles, standards, or guidelines for information security.
- Work with the Office of Personnel Management to coordinate information security training for federal employees.
- Review and approve -- or disapprove -- agencies’ budget proposals related to protecting IT before they’re submitted by the head of the agency to the Office of Management and Budget.
If the cyber director disapproved a budget plan, the official would give recommendations to an agency for fixing the problems. The bill would also let the office recommend to the president that awards and bonuses be withheld from agencies that don’t adequately try to secure their information infrastructure.
The authorities the bill would give to the White House director generally wouldn’t apply to national security systems. The head of the Defense Department and the head of the Central Intelligence Agency, rather than the White House official, would have similar oversight responsibilities for their systems.
The bill was introduced by Rep. James Langevin (D-R.I.) for himself and a bi-partisan group of House members. It was referred to the House Oversight and Government Reform, Armed Services, and Intelligence Committees.
Ben Bain is a reporter for Federal Computer Week.