Senate plan is a step forward for cybersecurity
Congress hasn’t been shy about taking the Homeland Security Department to task about its progress — both internally and on behalf of the federal government — on strengthening cybersecurity.
So the Oct. 31 announcement by Sen. Joe Lieberman (I-Conn.) that the Senate Homeland Security and Governmental Affairs Committee is drafting new cybersecurity legislation comes as a constructive, though somewhat overdue, gesture.
Lieberman, who is chairman of the committee, and its ranking Republican, Sen. Susan Collins of Maine, expect to introduce legislation later this year that would support DHS’ role, along with other federal and private-sector efforts, in making the Internet “a more secure and reliable communications medium.”
The new legislation would focus on five principal elements.
- Establish a Senate-confirmed cybersecurity coordinator in the Executive Office of the President, accountable to Congress, who would coordinate cybersecurity activities across all federal agencies. And unlike in President Barack Obama’s cyberspace policy plans, announced in May, this cybersecurity coordinator would have the authority and resources necessary to make changes.
- Provide sufficient authority and personnel for DHS to monitor the federal civilian networks and defend against malicious traffic. Agencies would also be held accountable for using real-time cybersecurity evaluation processes and other best practices.
- Give DHS the means to secure the nation’s most critical infrastructure, including financial systems, electric power and mass transit.
- Develop new acquisition policies and practices to tighten the security of government systems and promote similar security innovations for the public.
- Address the challenges in hiring, retaining and training cybersecurity personnel in the federal government.
Those measures reflect recommendations that experts have been presenting to congressional committees for more than three years. They are certainly steps in the right direction. However, if efforts to reform the Federal Information Security Management Act — which continue to get sidetracked on Capitol Hill — are any indication, those steps could be a long time coming.
At least DHS was able to celebrate some positive news the day of Lieberman's announcement last month when it opened its new National Cybersecurity and Communications Integration Center.
The new operations center integrates DHS’ U.S. Computer Emergency Readiness Team, which leads a public/private partnership focused on the nation’s cyber infrastructure, and DHS’ operational arm of the National Communications System. And it will soon tie in the National Cybersecurity Center, which coordinates operations among the six largest federal cyber centers and private-sector partners. The NCCIC should prove to be a real step forward in the fight against cyber threats.