GovInfoSecurity.com - Information Security News, Regulations, & Education

5 Fed Cybersecurity Priorities for the Fall

Cyber Czar, FISMA Reform Top Agenda
September 9, 2009 - Eric Chabrow, Managing Editor, GovInfoSecurity.com

With Congress back in session, a number of cybersecurity initiatives will likely be addressed this fall. Here are five cybersecurity priorities Congress and the executive branch should tackle in the coming months.

1. White House Cybersecurity Adviser

Two matters must be addressed: first, whether Congress should establish by law a White House cybersecurity office that would manage federal-wide cybersecurity; and second, the naming of a presidential White House cybersecurity coordinator, which doesn't require Congressional action.

When Sen. Tom Carper, D.-Del., introduced the U.S. Information and Communications Act in April, it contained a provision to establish a National Office of Cyberspace in the White House, with its director confirmed by the Senate. Over the summer, however, the bill - S. 921 - was revised, and that provision was eliminated. The White House hasn't shown much enthusiasm for a Senate-confirmed cybersecurity director, and Carper earlier this year said he wants to craft legislation that gains widespread support from both Congressional chambers, as well as the Obama administration. Still, many lawmakers and cybersecurity policymakers in and out of government like the idea of a so-called cybersecurity czar, and just because U.S. ICE was revised once doesn't mean it can't happen again.

Meanwhile, three months ago President Obama promised to name a cybersecurity coordinator, a post that would not require Senate confirmation and would not be as high-level an adviser as some had hoped. The coordinator would from time to time have direct access to the president, but would report to the national security adviser and national economic adviser. One reason the post remains vacant is the reluctance of potential coordinator candidates to report to two different bosses in the White House -- two officials who could have differing agendas. That the cybersecurity coordinator doesn't have more direct access to the president is another reason the job remains vacant. Where the coordinator is found on the White House organizational chart does matter to some potential candidates.

2. FISMA Reform

Most cybersecurity policymakers agree that the Federal Information Security Management Act, the 7-year-old law that governs federal IT security, is outdated and needs to be revised. The main thrust of U.S. ICE - before the Senate Homeland Security and Governmental Affairs Committee - is to do just that.

One significant departure from the past would be the way the government measures IT security. Under FISMA, agencies must show how they comply with the processes determined to secure IT systems. U.S. ICE would rely less on compliance and more on developing ways to establish in real time whether systems and networks are truly secure, including vulnerability tests in which teams of so-called "red team" hackers assault government IT assets.

Among the most controversial provisions in the revised U.S. ICE bill is the shifting of much of the leadership on developing federal cybersecurity policy, at least for civilian agencies, to the Department of Homeland Security from the White House, including the responsibility of reviewing the IT security budgets of civilian agencies. Supporters of such a shift contend Homeland Security is the proper place, since it's the civilian department with the most cybersecurity expertise. But opponents argue that giving Homeland Security say over other federal departments and agencies is inappropriate, and could cause friction within the executive branch.

Another bill, the Cybersecurity Act of 2009, also would revise the way the federal government governs IT security. Known as S. 773, the bill is sponsored by Sens. Jay Rockefeller, D.-W.Va., and Olympia Snowe, R.-Maine. Its most controversial provision - giving the president authority to limit or halt Internet traffic to and from federal IT systems and the nation's mostly privately owned critical IT infrastructure - has reportedly been softened since it was introduced this past spring.

