Lieberman Seeks to Codify Cyber "Czar"Influential Senator Outlines His Cybersecurity Wish List
Lieberman, I-Conn., told the Chamber of Commerce Cyberspace Conference meeting in Washington on Friday that the post would require Senate confirmation. In his view, the cybersecurity coordinator would coordinate cybersecurity activities across all federal agencies, provide strategic leadership and guidance to the president and have necessary authority and resources to make change as needed.
"We need this kind of position in the White House specifically to ensure that the classified work conducted by Department of Defense and intelligence agencies is informing the defensive actions taken by our domestic agencies," Lieberman said. "Only the Office of the President has the authority to ensure that everyone is working off the same playbook."
The post is similar to one recommended by the bipartisan Commission on Cybersecurity for the 44th Presidency and the president's own cybersecurity assessment, commonly known as the 60-day review. President Obama in May said he intended to appoint a cybersecurity coordinator under his existing authority that would not require Senate confirmation, but the post has remained vacant.
Sen. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, introduced legislation last spring that also calls for a Senate-confirmed White House cybersecurity adviser. A bill to reform the Federal Information Security Management Act sponsored by Sen. Tom Carper, D.-Del., originally contained a similar provision, but was excised from the measure this summer.
The senators are believed to be huddling to iron out differences in the legislation, with at lest two bills emerging from the talks, one focusing on FISMA reform and the other to address broader cybersecurity concerns, including the government's role in safeguarding critical privately owned IT systems.
In his remarks to Chamber members, Lieberman said Congress must give the Department of Homeland Security the necessary authority and personnel to monitor the federal civilian networks to defend against malicious traffic. DHS has that authority already, through a presidential order, but suggested that through legislation the department could grow staff and win the cooperation from other federal agencies to succeed.
Lieberman also said he wants DHS to do more to help business protect itself from cyber attacks, especially financial, electric power and transportation infrastructures. "To that end," he said, "we should require DHS to identify the most critical cyber infrastructure and ask its operators to perform risk assessments to identify existing vulnerabilities. If problems are found, DHS will work with the companies to decide the best way to mitigate the vulnerabilities but will not mandate a one-size-fits-all strategy to bolster security."
Under his plan, Lieberman said, DHS would establish a voluntary cybersecurity standards program to encourage businesses to comply with specific standards through a certification program. He said DHS would not regulate but encourage compliance, by awarding a seal of approval to be posted on a company's website, akin to the Good Housekeeping or Energy Star seals.
Lieberman also said he plan would tighten federal acquisition rules to assure IT wares are preconfigured with security controls and give agencies hiring and pay flexibilities to attract qualified IT security experts.