A new authorization bill would give the White House more oversight of the Homeland Security Department's much-beleaguered cybersecurity efforts.
The Senate Homeland Security and Governmental Affairs Committee on Friday introduced its DHS authorization bill (PDF) for fiscal years 2008 and 2009, which calls for the director of the National Cyber Security Center to be appointed by and, in some circumstances, to report directly to the president.
DHS Secretary Michael Chertoff in March announced the appointment of Silicon Valley entrepreneur Rod Beckström as the NCSC director. Beckström reports directly to Chertoff, though Under Secretary Robert Jamison is responsible for the DHS' overall cybersecurity efforts, which along with the NCSC includes the U.S. Computer and Emergency Readiness Team and its intrusion detection system, called Einstein.
The Senate in its authorization bill provides guidelines for the recently created center, about which the DHS has been slow to provide details to Congress. Critics of the DHS' operations have called for the White House to assume responsibility of cybersecurity. The transfer of power will be one of the recommendations made by the Center for Strategic International Studies' Commission on Cybersecurity for the 44th Presidency in its report to be issued in November.
Daily Debrief: Secure your data while traveling
The bill officially establishes the NCSC within the DHS, as well its director, a Senate-confirmed presidential appointee. It calls for the director to report to the president directly about strategies and performance metrics for the security of the federal information infrastructure, as well as about inter-agency plans for responding to incidents relating to that infrastructure. The director would report to the DHS secretary on all other NCSC missions.
The bill gives the director authority to access any information from government agencies and relevant private sector entities--including law enforcement information, intelligence information, and terrorism information--he deems relevant to the security of the federal information infrastructure. The director would also be responsible for giving guidance over budgets to each agency that operates a federal computer system; he would evaluate those budgets and turn in his evaluations to Congress.
Other authorities of the director include reviewing the plans and policies of other agencies relevant to the information infrastructure, as well as physically inspecting facilities. The National Security Agency's director would work with the NCSC's director on developing plans to evaluate the government's information infrastructure.
The bill authorizes $30 million for the NCSC for fiscal year 2009.