Senate bill sets guidelines for cybersecurity center

A new authorization bill would give the White House more oversight of the Homeland Security Department's much-beleaguered cybersecurity efforts.

The Senate Homeland Security and Governmental Affairs Committee on Friday introduced its DHS authorization bill (PDF) for fiscal years 2008 and 2009, which calls for the director of the National Cyber Security Center to be appointed by and, in some circumstances, to report directly to the president.

DHS Secretary Michael Chertoff in March announced the appointment of Silicon Valley entrepreneur Rod Beckström as the NCSC director. Beckström reports directly to Chertoff, though Under Secretary Robert Jamison is responsible for the DHS' overall cybersecurity efforts, which along with the NCSC includes the U.S. Computer and Emergency Readiness Team and its intrusion detection system, called Einstein.

The Senate in its authorization bill provides guidelines for the recently created center, about which the DHS has been slow to provide details to Congress. Critics of the DHS' operations have called for the White House to assume responsibility of cybersecurity. The transfer of power will be one of the recommendations made by the Center for Strategic International Studies' Commission on Cybersecurity for the 44th Presidency in its report to be issued in November.

The bill officially establishes the NCSC within the DHS, as well its director, a Senate-confirmed presidential appointee. It calls for the director to report to the president directly about strategies and performance metrics for the security of the federal information infrastructure, as well as about inter-agency plans for responding to incidents relating to that infrastructure. The director would report to the DHS secretary on all other NCSC missions.

The bill gives the director authority to access any information from government agencies and relevant private sector entities--including law enforcement information, intelligence information, and terrorism information--he deems relevant to the security of the federal information infrastructure. The director would also be responsible for giving guidance over budgets to each agency that operates a federal computer system; he would evaluate those budgets and turn in his evaluations to Congress.

Other authorities of the director include reviewing the plans and policies of other agencies relevant to the information infrastructure, as well as physically inspecting facilities. The National Security Agency's director would work with the NCSC's director on developing plans to evaluate the government's information infrastructure.

The bill authorizes $30 million for the NCSC for fiscal year 2009.

[n3td3v]

$30 million to protect themselves against a false pretence? cyber security doesn't need that much investment, the folks ramping up the idea of a real life die hard 4 are living in cloud cuckoo land. there are no cyber terrorists out there, there is no threat to national security. people like marcus sachs want you to believe there is, so he can get hold of power and money in washington, but its all fantasy make-believe threats that aren't actually there in reality.

[ITSecurityDude]

Actually, you are wrong, there are cyber terrorists. It has been in the news about criminals hackers who tried to extort money from people to return control of their computers and it was also in the news about an overseas company that was hacked into. If you want to wait until the US suffers a devastating cyber attack before you believe, then there is no hope for you. I have been an IT security professional for over 10 years and I have read articles and seen reports that are indicators of a the possibility of more and more devastating cyber attacks.

[Pete Bardo]

Sure, cyber terrorism is a threat. What I'm not understanding is how a technologically inept President is of any value in this loop. It makes the director a political appointee, which does little to guarantee a qualified, experienced director of the new agency. The director reporting directly to the President on any matters splinters the DHS, whose stated purpose was to bring all national security concerns under one department. The White House can't even secure its own email--and we're going put all our trust there?

I know what to do--place armed guards at strategic points throughout that series of tubes that makes up the internet...