Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What's next for cybersecurity after White House order?

Kenneth Corbin | March 11, 2013
Senators renew work on cybersecurity legislation in wake of Obama's executive order. Department of Homeland Secretary reiterates administration's position that a comprehensive bill is needed to expand White House directive.

Over the past several years, members of Congress have made significant progress in identifying the challenges of the cyber threat and coordinating with industry to develop a response, according to John Rockefeller (D-W.V.), the chairman of the Senate commerce committee.

At the same time, Rockefeller did not mask his frustration that the comprehensive cybersecurity bills that he and others have drafted have stalled, prompting the White House to issue an executive order in February calling for, among other things, an improved system for sharing information about threats and attacks.

"We've also wasted an awful lot of time by turning an urgent national security issue into a partisan political fight," Rockefeller says. "The Obama administration got tired of waiting for us. I can't blame them."

While House Wants Comprehensive Cybersecurity Bill

At Thursday's hearing, Homeland Security Secretary Janet Napolitano offered a blunt assessment of the threats facing government agencies and the operators of critical infrastructure in the private sector.

"This is critical, time-sensitive work, because we confront a dangerous combination of known and unknown cyber vulnerabilities, and adversaries with strong and rapidly expanding capabilities," Napolitano says. "Threats range from denial-of-service attacks to theft of valuable intellectual property to intrusions against government networks and systems that control our nation's critical infrastructure. These attacks come from every part of the globe. They come every minute of every day. They are continually increasing in seriousness and sophistication."

Obama's executive order directed DHS to develop a voluntary, incentive-based program for private-sector firms to partner with the agency in a bid to improve their cybersecurity posture.

That directive also tasked the Commerce Department's National Institute of Standards and Technology with developing a so-called "cybersecurity framework" to reduce vulnerabilities to critical infrastructure through a year-long, standards-driven process that Patrick Gallagher, the agency's director, said is already underway, with a series of public workshops planned.

In her testimony, Napolitano urged lawmakers to go further and build on the White House executive order with a comprehensive cybersecurity bill that would address a laundry list of shortfalls in current policy.

"Specifically, Congress should enact legislation to incorporate privacy and civil liberties safeguards into all aspects of cybersecurity, further increase information sharing and establish and promote the adoption of standards for critical infrastructure, give law enforcement additional tools to fight crime in the digital age, create a national data-breach reporting requirement and, finally, give DHS hiring authority equivalent to that of the NSA," she says.

"We also know that threats to cyberspace and the need to address them do not diminish because of budget cuts. Even in the current fiscal climate, we do not have the luxury of making significant reductions to our capabilities without having significant impacts," she adds.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.