With cyber czar in place, lawmakers continue legislative push

Congress could tackle key computer security questions in 2010, despite persistent disagreement over the extent that cybersecurity should be regulated.

For the better part of a year, it seemed that virtually every debate and discussion involving cybersecurity centered on the so-called cyber czar: Who would it be? How much power would the czar have? What would the official’s responsibilities entail? Why was it taking so long to name someone? Should he or she even be called a czar?

But even with the appointment of Howard Schmidt, a computer security veteran with loads of experience in government and industry, as the White House’s cyber coordinator, the numerous online threats facing the United States didn’t instantaneously evaporate. Schmidt’s entrance did put a trusted face on the Obama administration’s approach to protecting cyber infrastructure: Lawmakers have a clearer picture of the administration’s computer security plans, and industry, which is always quick to point out that companies own a vast majority of cyber infrastructure, seemed pleased with the choice.

Now the focus of debate on the government’s role in computer security might shift down Pennsylvania Avenue from the White House to the Capitol.

Indeed, momentum for more government involvement seemingly grows with every dire intelligence assessment, online financial fraud case, or newspaper article about Google and China. All that adds up to ammunition for a sustained push by lawmakers who want to advance comprehensive cybersecurity legislation.

For example, Dennis Blair, the national intelligence director, recently led his testimony to a Senate panel on the intelligence agencies’ annual threat assessment with a blunt warning of the cyber threat. His predecessor, Michael McConnell, also told the Senate Commerce, Science and Transportation Committee last month that the United States would lose a cyber war.

Meanwhile, a cyberattack simulation last month, broadcast by CNN, depicted a faux White House Situation Room in which Cabinet officials struggled through questions of what legal authorities the president had to respond to during a burgeoning cyber crisis.

The cyber simulation “made it enormously clear [that] if we are serious about responding to real cyber emergencies effectively, we need a real strong, top-level coordination,” Sen. John “Jay” Rockefeller (D-W.Va.), chairman of the Commerce committee, said during the hearing. “Too much is at stake for us to pretend that today’s outdated cybersecurity policies are up to task of protecting our nation and/or our economic infrastructure."

Rockefeller and Maine's Olympia Snowe, a senior Republican on the panel, continue to refine a sweeping cybersecurity bill they introduced last year. Both senators used the recent hearing to make the case for their recommendations. Snowe said the administration's cyber coordinator should be a Senate-confirmed position, as proposed in the Rockefeller/Snowe legislation, so the official would be obliged to testify before their committee.

Rockefeller and Snowe, Blair and McConnell, government and industry — all seem to agree that the public and private sectors must share the responsibility to protect the country's IT infrastructure. But how to regulate in a way that spurs innovation and bolsters security remains subject to intense debate.

The original language in the Rockefeller/Snowe bill, as introduced in April 2009, stoked controversy in industry partially because it would have given the president power to declare a cybersecurity emergency and shut down Internet traffic to and from government systems or networks and those considered critical infrastructure. In addition, in the interest of national security, the president could order the disconnection of such networks or systems. Provisions that would have mandated certifications for cybersecurity professionals also irked some in the private sector.

Since then, however, the Rockefeller/Snowe bill is said to have gone through four iterations as feedback from industry has been incorporated into the legislation. A markup date for the bill hasn’t been set.

James Lewis, director of the Center for Strategic and International Studies’ technology and public policy program, supports the bill. During the recent hearing, Lewis, who directed a commission that has framed much of the cybersecurity discussion during the past year, testified that it’s important for the president to have clear authority to act in a cyber crisis. He also said the development of new rules is critical, even if industry cries foul and companies say regulations stymie innovation.

It’s not clear what requirements an eventual version of the Rockefeller/Snowe bill would levy on industry. It’s also unclear how other computer security-related proposals that call for further regulation of the private sector will advance in Congress.

However, if the Commerce committee hearing was any indication, it is likely that the great cybersecurity debates of 2010 will focus on legislation, not White House officials.

And time might be short. “When it was steam engines or automobiles or telephones, we could take 20 or 30 or 40 years to come up with the rules we needed, but we don’t have that luxury now," Lewis said. "Prompt action is necessary."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.