Two U.S. senators introduced legislation on Wednesday that calls for naming a national cybersecurity adviser who reports directly to the president and who would have the authority to disconnect federal or critical infrastructure networks from the Internet if they were deemed to be at risk of attack.
This proposed legislation comes amid a review ordered by the Obama administration into the government's policies for defending itself against cyberattacks and follows the resignation of Rod Beckström as director of Homeland Security's National Cybersecurity Center in response to what he said was a power grab by the NSA for cybersecurity leadership.
The legislation, proposed by Sen. John D. Rockefeller IV (D-W.Va.) and Sen. Olympia Snowe (R-Maine) would establish an Office of the National Cybersecurity Advisor that would take the lead on Internet security matters and coordinate with the intelligence community and the private sector.
The legislation also calls for the creation of a Cybersecurity Advisory Panel composed of outside experts from industry, academia, and nonprofit groups that would advise the president, as well as creation of a public-private clearinghouse for cyber threat and vulnerability information sharing, establishment of measurable and auditable cybersecurity standards from the National Institute of Standards and Technology. It would also require that cybersecurity professionals be licensed and certified.
In addition, the legislation would require that the cybersecurity adviser conduct a review of the U.S. cybersecurity program every four years and require officials to complete a number of reviews and reports. Officials would be asked to: do a threat and vulnerability assessment of public systems and private sector operated infrastructure; conduct a legal review of the federal statutory and regulatory framework for cybersecurity; complete a report on identity management and civil liberties, and one on risk management that attempts to put a dollar value on cybersecurity threats and includes civil liability and government insurance.
Other provisions of the legislation call for the creation of state and regional cybersecurity centers to help small and midsize businesses adopt security measures, an increase in funding for cybersecurity research and development at the National Science Foundation, and the establishment of a Secure Products and Services Acquisitions Board that would certify that products the government purchases meet security standards it sets.