“Sen. Harry Reid [the Majority Leader] is very committed to doing something to protect our cyber networks in this session of Congress,” Lieberman says during a press conference in the Capitol introducing the bill Thursday. “Our committee has been working on this for some period time. A few months back, Sen. Reid called a bunch of the chairman in in relevant areas because he had just received a briefing on the cyber threat. He was very concerned about it and said this is something he wanted to get done in this session of Congress.”
In fact, Lieberman says he just met with Reid Wednesday about the cyber bills. Reid created a process where his staff would coordinate with the relevant committee staffs to get a cyber bill passed this session.
Lieberman says he believes because of the widespread and bi-partisan support to improve cybersecurity something will get done.
“We are very open to including those [other bills] in this measure,” he says. “I’ve heard from people in the private sector who have talked to people in both parties, including the leadership and they have been encouraged to believe there really is an opportunity here because of the threat to our national security.”
He adds that the committee spent a lot of time writing the bill and meeting with the public and private sector experts to make sure they are starting off in good shape.
A congressional source familiar with the legislation says the Defense Authorization bill is one option to get these changes put into law because the House version already includes several similar provisions.
Joy Fox a spokeswoman for Langevin says the congressman is pleased with several aspects of the bill.
“While he is still examining the details of Sen. Lieberman’s bill, he is happy to see that it would give the director of Cyberspace Policy budgetary oversight authorities,” Fox says. “This was a fundamental recommendation of the CSIS Commission on Cybersecurity, which he co-chaired, and a key provision in his recently-introduced legislation. After seeing his language included in the House version of the National Defense Authorization Act, he is hopeful the Senate will be able to move quickly and cement certain aspects on FISMA reform and the executive authorities for cyberspace in its version of the Defense bill.”
Bob Dix, vice president of government affairs and critical infrastructure protection for Juniper Networks and a former staff member on the House Oversight and Government Reform Committee, says leadership is needed to ensure some comprehensive cybersecurity legislation makes it into law.
“The leadership must provide leadership to the various members because there is a lot of jurisdiction grabbing going on now,” he says. “There are some good and not so good measures in these bills. What is missing now is prioritization of what we need in terms of tools provided legislatively to support mission of making nation more secure.”
Reaction to the major changes the bill would make has mostly been positive.
Among the most significant differences the bill is asking for would be to create two new offices to oversee federal cybersecurity at the White House and at the Homeland Security Department.
The White House’s Office of Cyberspace Policy would be run by a Senate confirmed director and would oversee budget, policy making and national strategy development.
At DHS, the bill would create the National Center for Cybersecurity and Communications (NCCC), led by a direct, who too would be confirmed by the Senate. The NCCC would wrestle oversight and the majority of the responsibility for the cybersecurity of civilian agency networks from the Office of Management and Budget.
The new office would perform red and blue team evaluations and be responsible for ensuring agencies meet the Federal Information Security Act. The bill also updates FISMA requiring agencies to do real-time monitoring of the security of their networks.
Another key provision gives DHS a role in setting requirements for owners and operators of the nation’s critical infrastructure to secure their networks.
The bill also gives the President the ability to declare a national cyber emergency if attacks on specific types of critical infrastructure would cause a national or regional disaster.
The President would have to notify Congress of the emergency, why the existing security measures are deficient and what new things must be done to secure the networks. The President would then require the director of the NCCC to issue emergency measures that would last only 30 days.
Dix says the critical infrastructure provisions cause him a lot of concern.
“I think the government isn’t in the position to determine what the best mitigation strategies are,” he says. “Those in business fight every day against cyber attacks and understand what is going on. The best way to change is to facilitate and enable an environment where industry and government are working together in steady state or in normal circumstances where they are just dealing with the typical attacks or the regular noise so we are in a better position to identify patterns and trends of where the attacks are coming from.”
Dix says currently the collaboration and communication is severely lacking. He says there are several stovepipe initiatives going on in government and the private sector that need to come together to provide a more complete view of the security threats.
TechAmerica, an industry association, also has concerns about these critical infrastructure provisions.
It says the bill could turn DHS into a regulatory agency.
“Regulations like these could seriously undermine the very innovation we need to stay ahead of the bad actors and prosper as a nation,” says Phil Bond, president and CEO of TechAmerica. “Fundamentally, industry agrees that in times of emergency, all appropriate resources and authorities should be brought to bear. We are continuing to evaluate the emergency powers in the bill to make sure they provide for coordination with industry at every step and to mitigate the potential for absolute power.”
The association says it “enthusiastically supports” the proposed elevation of offices and individuals leading the government’s cybersecurity efforts in DHS and the White House.
It also applauds the adoption of measures from the proposed Federal Information Security Management Enhancement Act of 2010, and the provisions to support research and development in cybersecurity and bolster the federal cybersecurity workforce.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)