Lawmakers attack cybersecurity on multiple fronts

Some experts advise House and Senate leaders to coordinate their cybersecurity efforts.

When it comes to cybersecurity and its legislative oversight, members of Congress are all over the map.

Cyber plan due soon

Congress will have a better idea of the Obama administration's cybersecurity priorities with the release of the administration's action plan, which could come as early as this week. The administration’s 60-day review of cyberspace policy, which began in February, raised questions about how the president would organize his office to protect the nation’s digital infrastructure.

However, although people might soon get an answer, it will be only the beginning of a long process, said Melissa Hathaway, who led the review.

In recent weeks, a flurry of bills have been introduced in the House and the Senate, tackling topics such as the security of the power grid, the management of the government’s information technology investments and the White House’s approach for dealing with cyber threats.

The measures are welcome news for cybersecurity experts who have long pushed Congress to focus more on the cross-cutting nature of information technology security.

However, the bills are coming from lawmakers from diverse committees, prompting questions about who on Capitol Hill should have oversight of computer security and how much authority lawmakers should have to oversee the White House’s efforts.

Gregory Garcia, who was assistant secretary for cybersecurity and communications at the Homeland Security Department during the Bush administration, said leaders in Congress should come up with a strategy to handle cybersecurity in a coordinated and comprehensive way that identifies gaps that legislation can fill.

Garcia, who now runs a consulting firm, Garcia Strategies, suggested that congressional leaders could model its approach on the Obama administration’s 60-day review of cyber policy. Then, rather than introduce multiple bills, they could develop omnibus security legislation, he said.

So far this session, lawmakers have introduced legislation attempting to accomplish similar goals in different ways.

For example, Sen. Jay Rockefeller (D-W.Va.), chairman of the Commerce, Science and Transportation Committee, introduced a bill April 1 that seeks to use the Commerce Department’s authorities to improve cybersecurity, in part through increased use of standards from the National Institute for Science and Technology.

Meanwhile, a few weeks later, on April 28, Sen. Thomas Carper (D-Del.), chairman of a subcommittee of the Homeland Security and Governmental Affairs Committee, introduced a bill that also called for greater use of standards for federal IT systems.

However, although both senators call for more continuous monitoring of the government’s information systems, Rockefeller would have the Commerce Department work with the Office of Management and Budget to put a new monitoring system in place. On the other hand, Carper would make it the responsibility of the director of a new National Office for Cyberspace to be part of the Executive Office of the President.

Rockefeller also proposes to create a new White House office, but it would be called the Office of National Cybersecurity Advisor.

The administration is expected to announce whether it will create such an office or adviser when it releases the results of its cybersecurity review in the coming days. (See story, Page 13)

James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, has long urged the creation of an office at the White House to coordinate cyber policy. He said he didn’t think the two proposed versions of the office represented a disagreement over how the new entity should work with the National Security Council. 

“I think what they’re trying to do is send a signal to the White House that [the administration needs] to get their act together and they need to do the right thing when it comes to setting up someone in the White House,” he said. “If the 60-day review comes out and you don’t have the outcome all of us thought was right, I think what you’ll see is then the bills move forward.”
 
Not all lawmakers are keen on a new office in the White House. During a hearing April 28, Sen. Susan Collins (R-Maine) urged caution when considering a new office out of fear that it would diminish congressional oversight. 

“I think we have to proceed carefully here to make sure that we don’t create a whole new round of turf battles and inadequate congressional oversight and unclear lines of authority,” Collins said.

In another example, Rep. Bennie Thompson (D-Miss.) and Sen. Joseph Lieberman (I-Conn.), chairmen of the House and Senate homeland security committees, introduced bills April 30 that would give the Federal Energy Regulatory Commission more authority to deal with cyber threats to the nation’s privately owned electricity grids. Thompson and Lierberman coordinated their effort, but a day earlier, Rep. Henry Waxman (D-Calif.) chairman of the Energy and Commerce Committee, co-sponsored a similar bill that was introduced by Rep. John Barrows (D-Ga.).

“A lot of the real battles now are going to be fought on Capitol Hill amongst the committees themselves,” Garcia said.

NEXT STORY: Survey: CISOs dish on FISMA

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.