A bill that would create a high-level cybersecurity official in the U.S. Department of Homeland Security has been approved by a House of Representatives subcommittee.
The Cybersecurity Enhancement Act, approved by the House Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity, would create the position of assistant secretary for cybersecurity at DHS. The bill, sponsored by Reps. Mac Thornberry (R-Texas), and Zoe Lofgren (D-Calif.), would also make the assistant secretary responsible for establishing a national cybersecurity threat reduction program and a national cybersecurity training program.
“We are seeing increased threats and vulnerabilities associated with our information infrastructure,” said Paul Kurtz, executive director of the Cyber Security Industry Alliance (CSIA), in testimony to the committee. “We rely on our information infrastructure, yet there is no one clearly in charge of coordinating its security and reliability.
“The department's responsibilities to identify critical information infrastructure, develop emergency communications, contingency and reconstitution plans are compelling, yet the leadership is not,” Kurtz continued. “While the private sector has a critical role to play in the protection of critical information infrastructure, DHS provides the main point of coordination for all of our efforts.”
The act would create a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity to work alongside the Assistant Secretary for Physical Infrastructure Protection to promote cybersecurity and protect the nation's critical infrastructure.
The Assistant Secretary for Cybersecurity would be responsible for establishing and managing a national cybersecurity response and information sharing system with the capability to detect and prevent attacks on the nation's cybersecurity and to help in the restoration of cybersecurity infrastructure in the wake of such attacks.
“All of us in our daily lives depend on the reliability of hundreds of computer networks, and we must protect those networks from attacks by criminals or terrorists,” Thornberry said in a statement. “This bill will help make sure our government is devoting the proper amount of attention to cybersecurity.”
Information Technology Association of America President Harris Miller also testified in support of the bill.
“It is clear that all of the nation's critical infrastructures rely significantly on computer networks to deliver the services that maintain our safety and national economy,” Harris said in a statement. “The owners and operators of those infrastructures must be able to look to a single senior individual within the government, with effective influence and budget authority, to coordinate collaborative efforts across sectors and with state and local governments.”
In order to accomplish provisions of the act, the assistant secretary would establish a national cybersecurity awareness program and coordinate education efforts within the public and private sectors. The assistant secretary would also consult with federal, state and local government agencies to enhance their cybersecurity strategies.
The position will also be charged with coordinating with the Under Secretary for Emergency Preparedness the inclusion of provisions for cybersecurity elements the national response plan.
“On the area of cyber, I do think we have a serious vulnerability,” Homeland security Secretary Michael Chertoff says.
The subcommittee passage of the act is the first step — it would have to pass through the full Homeland Security Committee and the full House, and would go through a similar process in the Senate, before it would be sent to President Bush to be signed into law.
Chertoff could, however, decide to elevate the national director of cybersecurity to the position of Assistant Secretary without the intervention of Congress.
In such a case, the bill could still serve as a guide to the development of a National Cybersecurity Office.