A bill to shift cybersecurity to White House

Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.

CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they're at risk of a cyberattack, "critical" computer networks from the Internet.

"I regard this as a profoundly and deeply troubling problem to which we are not paying much attention," Rockefeller said a hearing this week, referring to cybersecurity.

Giving the White House cybersecurity responsibility was one of the top recommendations of a commission that produced a report last year to advise President Obama on cybersecurity issues. However, the Homeland Security Department, which currently has jurisdiction over cybersecurity, has insisted the reshuffling of duties is not needed.

Given the enormity of cybersecurity threats, the responsibility is a natural fit for the White House, said James Lewis, a director and senior fellow at the Center for Strategic and International Studies, which issued last year's commission report.

"The Obama administration has an adviser on energy and climate change, and that's good and important," Lewis said, "but we're still in the mode that cyber is less important."

While the bill is still in draft form and thereby subject to change, it would put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector's cooperation with the private sector. The adviser would have the authority to disconnect from the Internet any federal infrastructure networks--or other networks deemed to be "critical"--if found to be at risk of a cyberattack.

The private sector will certainly speak out if this provision is included in the final draft of the bill, a member of the technology industry who spoke on condition of anonymity said.

"You can be assured that if that idea is put into legislation we would certainly have views on it," he said. "It's not trivial."

While the person did not take a stance on whether the White House is the appropriate place to put cybersecurity jurisdiction, he said, "cybersecurity is a cross-cutting issue, across all government agencies, so leadership at the top is useful."

The bill could also make the proposed cyber adviser responsible for conducting a quadrennial review of the country's cybersecurity program, as well as for working with the State Department to develop international standards for improving cybersecurity.

The draft version of the bill also establishes a clearinghouse for the public and private sectors to share information about cyberthreats and vulnerabilities. It also creates a Cybersecurity Advisory Panel consisting of outside experts from industry, academia, and nonprofit groups to advise the president.

Because many federal contracting officers do not currently include security provisions into federal procurements, the bill could also establish a "Secure Products and Services Acquisitions Board" to review and approve all federal acquisitions.

At Thursday's hearing, Edward Amoroso, AT&T's senior vice president and chief security officer, said the federal procurement process "needs to be upgraded to implement sufficient security protections."

Some industry groups are warning, however, that adding customized requirements to the government's procurement process may inhibit the government's ability to take advantage of the innovations and cost benefits available from commercial technology.

"Simply put, the government cannot reach its security goals by compromising its access to commercial solutions and processes, nor can it technologically or financially afford it," the Business Software Alliance wrote in a memo to Melissa Hathaway, the acting senior director for cyberspace at the White House National and Homeland Security Councils, who is conducting a 60-day review of cybersecurity programs for President Obama. "Rather than imposing overbroad security requirements, government needs to be selective and limit them to high-criticality systems."

The bill may also subject both government and private sector networks to cybersecurity standards established by the National Institute of Standards and Technology. It may also provide for a professional licensing and certification program for cybersecurity professionals.

The senators also want to create greater general awareness of the importance of cybersecurity, so the legislation would expand scholarships for students studying cybersecurity, create an annual cybersecurity competition and prize for students, and initiate a cybersecurity awareness campaign. It would also increase cybersecurity research and development funding for the National Science Foundation.

Lewis said he is very pleased with the Senate's work on this bill so far.

"Having a knowledgeable and powerful group of senators that are willing to pick up the ball and run with it is really encouraging," he said.

Given the broad nature of the legislation--which spans intelligence and homeland security issues, as well as commerce issues--Rockefeller may have to work with the leaders of the Senate Homeland Security Committee and other leaders in the Senate to shape the final version.

An industry insider said, though, that Rockefeller's previous experience chairing the Select Committee on Intelligence will improve the bill's chances of advancing.

"His personal credibility and experience allow him to play a role that another chairman might necessarily have been able to play," the source said.

[Commander_Spock]

Shifting specific (for example; strategical and tactical) "cybersecurity responsibilities" from the the U.S. Department of Homeland Security to "an Office of the National Cybersecurity Advisor, part of the Executive Office of the President" would more or less be a scenario where the the "Head" knows what the "Rest of The Body" is doing - "A Wheel In A Wheel"!

[bgnm]

So an administration that cannot understand the basics of economics would be in charge of something orders of magnitude more complex. What's wrong with that picture?

[Commander_Spock]

Re: "So an administration that cannot understand the basics of economics..."

Well, why worry.... don't babies creep before they begin to walk. The "administration" will learn about the "basics of economics"; and, even about "engineering economy". So; wait, watch and you will see.

"Once A Teacher... Always A Teacher"!

[shootthecops]

conservatives won't like the bill? some NEO-conservatives may not.

[Commander_Spock]

That "the military" and "the politics" sometimes do not "mesh"; then, why would it be expected that the "technology" and the "politics" would this time; and, always!!!

[Maccess]

Cybersecurity needs to re-orient itself from being a spying agency to a defensive agency whose task is to protect the country's data networks and servers from attacks both from within the country and from outside. Cybersecurity does its job when attacks on America's servers fails, and America's network is kept intact even under seige.

[Commander_Spock]

Re: "Cybersecurity needs to re-orient itself from being a spying agency to a defensive agency whose task is to protect the country's data networks and servers from attacks both from within the country and from outside..."

Enter "CybersecurityUSA" Blackwater USA-Style!

[Commander_Spock]

Re: "Enter "CybersecurityUSA" Blackwater USA-Style!"

Only this time, its.... C-O-M-P-U-T-E-R _ W-A-K-E U-P........ M-O-V-E _ T-O _ D-E-F-E-N-S-E _ S-T-A-T-I-O-N!

English Please!

[KmanFL]

What is our chance of being attacked now? 2:1, 100:1?
Barry Hussein Sorroto-Obama, the child who plays part time President of the United States of America when it is convenient, once the most powerful person in the whole world, is in way, way, way above his pay grade.

[Commander_Spock]

How about if we call it "Mission Accomplished" - Again!

[Voice_Of_Logic]

What happened on Jan 21st was effectively a coup. You've witnessed a grand takeover of the US government and it needs to be taken back. Now. We the people NOT we the government. I would pay anything to see Pelosi physically thrown out of her office and forbidden to ever step foot in DC (or a private tax-payer airplane) ever again.

[pentest]

A coup? Really?

Obeying the results of an election is now a coup to the nutbag fundies?

Go back to freeptard land.

[Voice_Of_Logic]

@Commander_Spock: "Well, why worry.... don't babies creep before they begin to walk. The "administration" will learn about the "basics of economics"; and, even about "engineering economy". So; wait, watch and you will see."

Are you kidding? I suppose its OK to screw up, trash the economy, make crack joke about whomever you feel like it, hire liars, cheaters and thieves, associate with thugs, felons and terrorists.... as long as your names aren't Bush or Cheney. Or Reagan for that matter.. Hmm.. Its VERY clear that this idiot buffoon in the White House, now, has failed but gets a pass "just because"... Sort of like last week's 30 Rock episode. Listen, the intelligent folks out here GET IT.

Once a learner, always a learner. I've learned enough in my 50 years to tell me that this administration SUCKS beyond comparison and needs to be removed. Whether it be like our founding fathers did it (via treasonous acts against the - then - established government) or via peaceful legal ways. Either way it NEEDS to happen and soon.

[Commander_Spock]

There is something called "redundancy"; and, notice the "English Language Requirements" when the "Cybersecurity Timeline" is not the same as the "Tet Offensive Timeline"!

Just perhaps "The Eagles (May) Have Landed" Fifty Years Ago!

And. "Lest We Forget The Rear Admiralty"!

"Live Long And Prosper"!

[Commander_Spock]

Damn it "Voice_Of_Logic"! Re: "Lest We Forget The Rear Admiralty".

You know your "Once a learner, always a learner" has reminded about the text related to "The Mis-Education of Americans" that someone (who cannot be heard from now) was talking about; and, if the Pearl Harbour Timeline (and that of the 9/11 Timeline which was inadvertently left out) have failed to educate/inform our minds to help prepare us for the future then we apparently have not "learned" very much from our past experiences.

"NORAD" You Say!

[smallvoice]

National security is not the President?s private matter. It is one of the most important matters for all US citizens and other people around the world whether they live in a friendly nation or in a hostile nation or a hostile regime. When the White House centralizes the cyber-security to itself, it cuts inputs from other departments and agencies, to say the least. The mechanism of checks-and-balances is reduced rather than enhanced.

I think the Department of Homeland Security must keep its cyber-security task. I think we should give a completely independent national security task including cyber-security task to another Department such as the Department of Defense, and if necessary, to a third Agency. Each of them should be able to do the job as if it is the only one for the job of national security including the cyber-security. These Agencies should be cooperating and coordinating, and contributing together. When one Agency is attacked, we have another or the other one which is working. It is better to be safe all the time.
Thank you.

[Commander_Spock]

Did you really mean to say "I (do not) think (that) the Department of Homeland Security must keep its cyber-security task. I think we should give a completely independent national security task including cyber-security task to another Department such as the Department of Defense" (Intelligence)....... manned by the "Best of American Brains" available!

[Lost_Patriot]

I find it amazing that all of the comments and retoric about the passage of the patriot act from the tow senators in question goes so easily over looked. While they much to do about nothing concerning the invasion of privacy about ordinary citizens. Now we prepose to take our data firmly into the hands of politicians trusted or not trusted is not the issue. How can we stand by and let one more intrusion to our lives unwatched unguarded and unprotected. I elect representatives, both legislative and executive, to govern. How is it that we have come to a place where releasing our private selves and corporate selves to the decisions of others is now acceptable. The mutual defense of the nation is only one of the obligations of the federal government the includes all branches. Stand up and say no and say it loudly do not give in to one more relinquishment of your privileges as citizens.

[pentest]

Geez spock, can you get more idiotic?

[Commander_Spock]

Isn't it waaaaaaaaaaaaaaaaaaa.......................y to early for you to be "cracking up" so early when the "OS/2" loving Russians are patiently awaiting to have breakfast, lunch and dinner. Imagine what will happen to you then. Perhaps, you will be headed straight for "isolation" with your views.

[Commander_Spock]

Oops! This should have read: "the "OS/2" loving Russians are patiently awaiting to have (your) breakfast, lunch and dinner...."

[Commander_Spock]

Here "pentest"! Let Commander_Spock do some research for you; now, all you have to do is to follow the attached link that simple; and, surely you can read.... So, what is the argument going to be next - is it going to be about the choice of "enhanced" Windows and Linux Operating Systems to mitigate against "security risks" - Huh!!!

[Commander_Spock]

Re: "Here "pentest"! Let Commander_Spock do some research for you; now, all you have to do is to follow the attached link that simple; and, surely you can read.... "

http://en.ecomstation.ru/solutions/?action=solutions

[cyberguild]

There is a national security element and a commercial / social element to open networking. Homeland Security has a stake in the security and safety of governmental agencies. Financial institutions and government contractors may also come under their purview due to their sensitive and central role in the efficient functioning of our government and society.

Private businesses and citizens are non-essential to the functioning of governmental agencies and do not pose a systemic risk to their operations. The Federal Reserve was chartered as a non-political entity to manage the national currency and monetary policies so politicians could not politicize economic factors to bolster their powers or punish their rivals, among other things. Perhaps we need to clearly define what the government has a vested interest in maintaining the safety and security of, then carve out every thing else - and using completely private entities, form a cooperative that can help ensure the efficient and effective inter-working of open communications, while rigorously enforcing our privacy and protecting us from the unquenchable desire by politicians to control every form of thought, interaction, and association.

Perhaps Homeland Security can provide useful guidance / best practices to commercial entities and private citizens and also help with forensics / legal enforcement, but they should not be central to the governance of open communications.

[originaltubino]

Well if the security recommendations of putting this in the WH control are rejected, it will simply remain in ... private control? NO! Read the article: it would remain with "the Homeland Security Department, which currently has jurisdiction over cybersecurity".

So the idiots here are in a panic because of a recommendation to put control in the hand of an elected and impeachable individual. If we keep status quo, control remains in the hands of unelected political appointees, specifically in the enormous bureacracy of Homeland Security, created by GWB.

It is really a shame that electing a black president by a big majority has driven so many people insane.