Bill Forthcoming To Move Cybersecurity From Homeland Security To White House

Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.

CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they’re at risk of a cyberattack, “critical” computer networks from the Internet.

“I regard this as a profoundly and deeply troubling problem to which we are not paying much attention,” Rockefeller said a hearing this week, referring to cybersecurity.

Giving the White House cybersecurity responsibility was one of the top recommendations of a commission that produced a report last year to advise President Obama on cybersecurity issues. However, the Homeland Security Department, which currently has jurisdiction over cybersecurity, has insisted the reshuffling of duties is not needed.

Given the enormity of cybersecurity threats, the responsibility is a natural fit for the White House, said James Lewis, a director and senior fellow at the Center for Strategic and International Studies, which issued last year’s commission report.

“The Obama administration has an adviser on energy and climate change, and that’s good and important,” Lewis said, “but we’re still in the mode that cyber is less important.”

While the bill is still in draft form and thereby subject to change, it would put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector’s cooperation with the private sector. The adviser would have the authority to disconnect from the Internet any federal infrastructure networks–or other networks deemed to be “critical”–if found to be at risk of a cyberattack.

The private sector will certainly speak out if this provision is included in the final draft of the bill, a representative of the technology industry who spoke on condition of anonymity said.

“You can be assured that if that idea is put into legislation we would certainly have views on it,” he said. “It’s not trivial.”

While the person did not take a stance on whether the White House is the appropriate place to put cybersecurity jurisdiction, he said, “cybersecurity is a cross-cutting issue, across all government agencies, so leadership at the top is useful.”

The bill could also make the proposed cyber adviser responsible for conducting a quadrennial review of the country’s cybersecurity program, as well as for working with the State Department to develop international standards for improving cybersecurity.

The draft version of the bill also establishes a clearinghouse for the public and private sectors to share information about cyberthreats and vulnerabilities. It also creates a Cybersecurity Advisory Panel consisting of outside experts from industry, academia, and nonprofit groups to advise the president.

Because many federal contracting officers do not currently include security provisions into federal procurements, the bill could also establish a “Secure Products and Services Acquisitions Board” to review and approve all federal acquisitions.

Source