Push on for Comprehensive Infosec BillWhite House Discourages a Piecemeal Approach to Cybersecurity
The White House wants Congress to enact comprehensive cybersecurity legislation this year, favoring an approach taken by the Democratic-led Senate than a more piecemeal path backed by the Republican-controlled House of Representatives.
In a blog posted as a follow up to President Obama's State of the Union address on Wednesday, in which the chief executive spoke of the need for legislative action to battle cyberthreats (see The State of the Union's Cybersecurity), White House Cybersecurity Coordinator Howard Schmidt wrote that the administration's legislative proposals would move the nation toward accomplishing its cybersecurity goals.
Schmidt said enactment of such legislation would be an incredibly important step forward in safeguarding the government's IT systems and nation's critical information infrastructure, adding:
"At the same time, addressing only a portion of these needs by our cybersecurity professionals will continue to expose our country to serious risk."
Schmidt cited, as an example, proposals to provide incentives for the private sector to share more information. That, in itself, would not adequately address critical infrastructure vulnerabilities. The cybersecurity coordinator said:
"The American people expect the federal government to work with the private sector to ensure our critical infrastructure is protected. Our professionals in the federal government, as well as those in state, local and private sector entities need new legislatively-enacted authorities to do so."
The White House last May unveiled its comprehensive cybersecurity legislative agenda that would update the Federal Information Security Management Act - the law that governs government IT security - and formalizes the Department of Homeland Security's role in managing the government's non-military, non-defense IT (see White House Unveils Cybersecurity Legislative Agenda). Obama's proposal also would give DHS the lead role in coordinating with the private sector the protection of the nation's mostly privately owned critical information infrastructure. The legislative proposal also would establish a new framework aimed at protecting individuals' privacy and civil liberties.
Senate Majority Leader Harry Reid, D-Nev., has pledged to bring up comprehensive, bipartisan cybersecurity legislation in the coming weeks (see Senate to Take Up Infosec Bill in Early 2012).
Cybersecurity reform, for the most part, has been a bipartisan issue, and in October Republicans made public their cybersecurity agenda that in many respects parallels the goals of the Obama administration and Senate Democrats (see House GOP Unveils Cybersecurity Agenda). If there is a difference between the Democratic and Republican approach is that GOP have greater faith IT can be secured through incentives than by new regulations. Still, Rep. Mac Thornberry, the Texas Republican who heads the House cybersecurity task force, said when the GOP introduced its cybersecurity legislative agenda:
"There's a lot of room to work together within Congress and with the White House. It's essential that we do so because of the economic aspects and national security aspects of IT."
The last major cybersecurity bill Congress enacted was the E-Government Act of 2002, which incorporated FISMA. Though lawmakers from both sides of the aisle and both chambers generally agree on what should be contained in cybersecurity legislation, getting a compromise remains a challenge, especially when trying to define the government's role in securing critical, privately owned IT systems.
With the toxic partisan climate in Washington and around the nation, and a divisive presidential election in the making, can Congress overcome these barriers and send the president the legislation he seeks? The answer to that question could come soon if the Senate takes up the legislation in the coming weeks as promised.