Panel: Strengthen cybersecurity chief

The White House and Homeland Security Department must take a more active role in enhancing the nation's cybersecurity, a panel of government and industry officials said today.

Only then can the federal government assure the public and private sectors that it is "Getting Serious about Cyber Security," the title of the discussion sponsored by the Critical Infrastructure Protection Program at the George Mason University School of Law.

A more powerful cybersecurity chief at DHS is essential, panel members said.

"We're missing that chief, that quarterback to chart that course for us," said Paul Kurtz, executive director of the Cyber Security Industry Alliance, an industry advocacy group. "It would be nice to have that chief back."

They unanimously supported the Homeland Security Cybersecurity Department Enhancement Act of 2005. The bill would strengthen the current position and address concerns that the federal government is not doing enough to protect the Internet and the nation's critical information technology infrastructure. The bill is up for a vote today in the House as part of deliberations for the fiscal 2006 budget.

Rep. Zoe Lofgren (D-Calif.), one of the cosponsors of the measure, was on the panel. The director of the National Cyber Security Division originally had a lot of power and budget authority when the job was created after the Sept. 11 attacks, but subsequent laws weakened that, Lofgren said.

Watering down the position made it difficult to attract and retain qualified personnel to implement President Bush’s National Strategy for Cybersecurity, she added, before leaving the panel early to vote on the cybersecurity bill.

Looking beyond DHS, the White House should develop national cybersecurity priorities and the Office of Management and Budget should oversee their implementation throughout the entire federal government, said Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee and a chief proponent of improved cybersecurity. That would overcome turf wars among government bureaucracies, he said.

"OMB has juice when it comes to procurement," Davis said. "DHS isn't going to have the same kind of clout to get other agencies to do things."

Something must be done because cyberattacks cause financial losses, legal liability, and other major setbacks, said Jody Westby, managing director at PricewaterhouseCoopers and founder of the Work-IT Group.

The private sector is "not satisfied with the progress that has been made" on cybersecurity, said Marian Hopkins, director of public policy for the Business Roundtable, which represents 160 companies with $4 trillion in annual revenues.

"Do whatever you can to elevate cybersecurity in government," Hopkins said. "The consequences are too grave if we don't."

Companies want software and hardware with fewer flaws and greater security that don’t burden end users, Hopkins said.

The federal government can help push for those improvements in the marketplace because with $65 billion in annual purchases, it is the largest buyer of IT in the world, Davis said.