Administration Declines to Back Cybersecurity Bill

Top DHS Official Questions Creation of New Infosec Bureaucracy

By , June 15, 2010.
Administration Declines to Back Cybersecurity Bill

T

See Also: The Enterprise at Risk: The 2015 State of Mobility Security

he Obama administration declined to endorse a comprehensive cybersecurity bill introduced in the Senate last week, and questioned one of its main provisions to create a new cybersecurity bureaucracy in the Department of Homeland Security.

Philip Reitinger, DHS deputy undersecretary for the National Protection and Programs Directorate, told the Senate Homeland Security and Governmental Affairs Committee Tuesday that the administration's review of the bill isn't complete - he wouldn't give a timetable on when it would be finished - and thanked the sponsors for having so much faith in DHS to lead government cybersecurity activities. But he questioned provisions in the bill to create a new component within DHS that would focus on cybersecurity at a time the department seeks to address jointly physical and virtual threats.

The legislation - the Protecting Cyberspace as a National Asset Act of 2010 - would establish within the White House an Office of Cyberspace Policy to address governmentwide cybersecurity policy and within DHS the National Center for Cybersecurity and Communications to oversee the execution of IT security initiatives among civilian agencies and the mostly privately owned critical national IT infrastructure.

Reitinger - the highest ranking cybersecurity official at DHS - testified that the administration would rather not have a separate organization devoted to cybersecurity because it's more effective to address jointly the risks to key physical and cyber infrastructures.

"The private sector speaks the language of all hazards, they worry about risk, as a telecom would say, whether it's from a cyber attack or a back hoe," Reitinger said. "We, in government, need to step to that, and speak their same language if we want to influence how they behave in an all-hazards way, in a risk-based way, and if something bad happens, physical or cyber, to be able to address it seamlessly."

The bill is sponsored by committee chairman Joseph Lieberman, ID-Conn., ranking minority member Susan Collins, R-Maine, and Tom Carper, D.-Del., who chairs a panel subcommittee with IT security oversight.

Collins appeared exasperated over Reitinger's disinclination to back provisions in the bill that would grant the president authority to take action to compel the private owners of the nation's critical IT infrastructure such as the power grid to defend against an imminent, major cyber attack. In his written testimony, Reitinger contended the president already has that authority under a number of laws, including Section 706 of the Communications Act.

But Collins pointed out that law dates back to January 1942, a month after Japan attacked Pearl Harbor that brought America into World War II. "Obviously, a very different time, and a long time before the Internet was even conceived of," she said.

Collins also questioned whether the laws Reitinger cited would give the president the authority to act if war isn't imminent. Reitinger didn't disagree. "There are a lot of legal questions that have not been answered," he said. "The cyberspace policy review identified a significant number of them. We, in the administration, would be happy to work with this committee to make sure the authorities that are necessary to meet the coming need are present in the Department of Homeland Security or the president of the United States in an appropriate emergencies."

Collins wanted a firmer commitment: "Shouldn't we be spelling out exactly what the president's authority is short of state of a war?" she asked.

Reitinger answered: "I apologize that I can't take a position on bill at this time, but I do appreciate the effort that the committee made to tailor the authorities so they are focused on the expected need."

"I'll take that as a yes," Collins said, with the crowded hearing room breaking into laughter.

"I'm not trying to put you in an uncomfortable spot, but as you know, we have been working with the department on this issue for more than year," Collins said. "I just don't understand why the department isn't much further along in its thinking on what should be done. That's why the three of us proceeded with this bill. We can't wait. Those hackers aren't waiting; the 1.8 billion attacks per month are occurring now. ... Relying on a law passed in World War II, it is just fool hearty; it's out of date."

Unlike his fellow Republican Collins, Sen. John McCain of Arizona didn't seem concerned whether or not he made Reitinger comfortable. McCain asked who is the "greatest (cyber) attacker" against the United States; Reitinger answered that he would rather not comment at a public hearing.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Federal Strategic Health IT Plan Issued

Federal regulators have issued a strategic health IT plan that includes five goals, including...

Latest Tweets and Mentions

ARTICLE Federal Strategic Health IT Plan Issued

Federal regulators have issued a strategic health IT plan that includes five goals, including...

The ISMG Network