One day after it got its first hearing in the Senate, a bill to beef up the nation’s cybersecurity apparatus gained early support from prominent lawmakers in the House of Representatives.
Though it was not on the agenda during an oversight hearing of the House Homeland Security Committee, Senate Bill S. 3480, the Protecting Cyberspace as a National Asset Act of 2010, was certainly on the minds of panel members as they considered a report from the Department of Homeland Security’s Inspector General on DHS’ cybersecurity efforts.
In an unusual show of bipartisanship, two prominent senior members of the House panel – California Democrat Jane Harman and New York Republican Peter King – announced plans to co-sponsor and introduce a companion bill in the House to S. 3480, introduced last week by Senators Joe Lieberman (ID-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.).
“I agree with Mr. King that the Lieberman-Collins bill is excellent,” declared Harman, adding, “I do plan to co-sponsor the bill with him…I think it is an excellent effort. I’m sure it will change as it goes through the legislative process, but I do think it will be good to work with our counterparts in the Senate on this, as we worked with our counterparts in the Senate on the Safe Ports act.”
Rep. King, who has also chaired the Homeland Security panel, notes that S. 3480 “codifies the Department of Homeland Security as the lead agency to coordinate the protection of federal systems against cyberattacks, and to coordinate with the private sector on the protection of critical information infrastructure.”
King and Harman also picked up support for the companion House bill from Rep. Yvette Clarke (D-NY), chair of the House Cybersecurity Subcommittee.
S. 3480 has been earmarked for “fast-track” treatment by Lieberman, who chairs the Senate Homeland Security Committee, and is expected to be marked up by the panel next week. It could go to the Senate floor before the 4th of July recess and enjoys the backing of Senate Majority Leader Harry Reid.
Over the last five years, US-CERT has had five directors. In our opinion, that is impeding our ability to move forward. Without the leadership to implement strategic plans, and guide our day to day operations, it’s going to slow us down.
Skinner also noted deficiencies in the way US-CERT shares cybersecurity information in real time with clients and partners at other federal agencies. The IG listed a number of recommendations to improve agency performance.
Even as they contemplate the possibility of beefing up DHS’s roles and responsibilities in the realm of cybersecurity, members of the House panel still found themselves struggling to envision the scope of the problem.
Responding to a question from Homeland Security Committee Chairman Thompson, Greg Schaffer, assistant DHS secretary for Cybersecurity and Communications, and the man who runs US-CERT, admitted he could not provide an adequate estimate of how many hacker attacks took place against the nation’s computer networks on a daily or monthly basis.
Minutes later, Thompson asked Schaffer again to estimate hacker activity, this time as detected by US-CERT’s Einstein intrusion detection system.
Einstein 2 is showing us 278,000 indications of potential malicious activity at the perimeter of our networks on a monthly basis based on the deployments that we have. That doesn’t mean the attacks were successful, it simply means there were indications of malicious activity 278,000 times on the average month.
Despite repeated questioning, and despite improvements to cybersecurity detection systems, none of the members of the House Homeland Security Committee was able to get a firmer, more reliable estimate of hacker activity.