Cybersecurity provisions stripped from defense bill

Legislation designed to secure federal computer systems was cut from defense spending bill

Reforming federal cybersecurity might not be made into law for 2011 after measures were removed in the latest version of the National Defense Authorization Act. Provisions to create a White House Office of Cyberspace and an oversight board for federal IT security compliance were among the stipulations omitted after a version of the bill failed to get Senate approval.

The omitted provisions also included the creation of a Federal Cybersecurity Practice Board in the White House cyberspace office, which would have established policies and procedures for meeting Federal Information Security Management Act requirements and overseen implementation of standards and guidelines from the National Institute of Standards and Technology, according to Eric Chabrow at GovInfoSecurity.com.

Also on the cutting-room floor: requirements that agencies institute automated, continuous monitoring of systems and networks to ensure compliance and detect vulnerabilities that could lead to security breaches or other cyber threats.

A proposed White House office that would focus on collaboration across government and the private sector to optimize IT security was also scrapped.

At a cybersecurity forum sponsored by The Atlantic magazine and held in Washington Dec. 16, federal officials and IT experts acknowledged the growing cybersecurity problem.


Related story:

Napolitano calls for cybersecurity partnership


“If you have kinetic war, you’re going to have cyber war…you’re going to have cyber espionage,” said Mike McConnell, former director of the National Security Agency. “There is no computer system of consequence that hasn’t been penetrated by the adversary.”

Debora Plunkett, director of the Information Assurance Directorate at NSA, also recognized the urgency of threats to federal IT systems. “Threats and vulnerabilities come from multiple venues,” she said at the forum, adding that the idea of total security no longer exists.

Several speakers at the forum called for partnership between industry and government to successfully address the threat — something that for now will remain unlegislated.

“We’re not embracing the issue in its totality,” said Larry Clinton, president and CEO of the Internet Security Alliance, at the forum. “Right now, the private sector is in charge of securing critical infrastructure, and the government’s job is compliance. They have fundamentally misunderstood the relationship that needs to develop between the public and private sectors.”

However, it doesn’t mean that the cybersecurity issue will go unchecked on Capitol Hill in 2011.

“This may suggest there is a still a case for a comprehensive cybersecurity bill, instead of [pieces] put into must-have legislation like the Defense Authorization [bill],” Clinton said today in a phone interview.

“So far, [cybersecurity] has been treated as an operational and technical issue…but it’s much broader than that and needs to be appreciated in its broader context,” he added. “I think we’ll see additional efforts in cybersecurity legislation.... I think they will be increasingly sophisticated in the continuing learning process throughout Congress.”

Jim Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, agreed that much will ride on what happens next with cybersecurity legislation. “The real issue is how to move forward next year,” he said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.