As Federal News Radio has reported, there are as many as 40 different cybersecurity bills now being considered on both sides of Capitol Hill.
But the powerful chairman of a big Senate committee thinks his cybersecurity bill will be the one to cross the finish line to the President’s desk. That chairman held the first hearing for his bill yesterday in the United States Senate.
The panel’s ranking member, Sen. Susan Collins (R.-Maine), and a principal co-author of the measure, recounted many now-familiar anecdotes of cyber-attacks on government and private networks, adding, “We cannot wait for a ‘cyber 9/11’ before our government realizes the importance of protecting our cyber resources.”
Another of Collins’ co-authors for this bill, Delaware Senator Tom Carper (D.), believes that the unusually large number of pending cybersecurity measures on Capitol Hill means Congress may finally be getting serious about the subject.
“Looking around this room,” he said in his opening statement, “standing-room-only, I would suggest that finally, at long last, we have a real national focus, a real strong focus, in the Senate and the House, and at the White House, in taking the strong steps we need, to make sure our internet, which has grown more complex by the day, that we have taken steps to securing that internet.”
The principal co-author of the bill is Connecticut Independent Democrat Joe Lieberman, who chairs the Senate Homeland Security Committee. As he did last week, he spoke confidently about one of the most important planks of his Cybersecurity bill.
First, we need leadership, we need focused and clear leadership, and our bill provides it in the form of a White House Office of Cyberspace Policy that would lead all federal efforts to defend cyberspace. That is civilian defense and private. The office would be led by a Senate-confirmed director, accountable to the public. We have previously asked, for instance, White House cyber coordinator Howard Schmidt to testify before this committee but we’ve always been turned down, apparently, on the grounds of executive privilege. Our legislation would change that by requiring Senate confirmation and thereby making Mr. Schmidt or whoever holds that position subject to the call of Congress and the public.
We also need a stronger agency to defend the .gov networks and oversee the defenses of our most critical infrastructure. The Department of Homeland Security Inspector General will issue a report tomorrow critical of many operational elements of the Department’s cybersecurity effort, citing a lack of clear authority as one of the issues that needs to be rectified. Our bill more than addresses these shortcomings by creating a National Center for Cybersecurity and Communications within the Department of Homeland Security which would have new, strong authorities to protect non-defense, public sector and private sector networks from cyber attack.
Lieberman’s first witness to talk about the cybersecurity bill could find his future portfolio expanded if it becomes law. Phil Reitinger is Deputy Undersecretary with the National Protection and Programs Directorate with the Department of Homeland Security. And while he remained officially non-committal about the Lieberman bill, he says he has given some thought about how the measure fits with adjustments in cybersecurity strategy that have taken place recently at DHS:
I am not, at this time, able to state an administration position on this bill, which was introduced last week. That said, DHS looks forward greatly to continue to work with the committee on strengthening the department’s ability to accomplish its cybersecurity mission.
Reitinger also says the bill’s mandates for continual electronic monitoring of security on computer networks, and disposing of former mandates for quarterly and even yearly paper-based scans of network security on federal computer networks, are compatible with new FISMA guidelines offered by the Office of Management and Budget.
Acknowledging that there are other cybersecurity bills now in various stages of completion, Lieberman nonetheless believes that it is his bill around which other pending measures will eventually be blended into one bill that goes to the Senate floor.
The Connecticut Independent Democrat is so confident of his measure, he has already scheduled a markup session for his cybersecurity bill for next Wednesday, June 23rd. Lieberman has already indicated his intention to report the bill to the full Senate for consideration before the July 4th recess.