Help Wanted: Cybersecurity Experts
DHS, already facing a shortage of cybersecurity experts, has had to slow its hiring activities, and some cybersecurity-response exercises the agency had planned to conduct in concert with foreign partners have been canceled amid the across-the-board spending cuts that recently took effect, according to Napolitano.
Oklahoma Sen. Tom Coburn, the ranking Republican on the Homeland Security and Government Affairs Committee, called Obama's executive order "timely and appropriate," but echoed the view of other senators at Thursday's hearing that it still leaves room for Congress to act to address the cybersecurity challenge.
In a general sense, the call for policies to improve the agility of businesses and government to share information about cyber threats and attacks is probably one of the less controversial aspects of cybersecurity reform, though civil-liberties and privacy advocates have warned against the funneling of personal information that businesses maintain about their users to the government. Those concerns have especially dogged a House cybersecurity bill that focuses narrowly on information-sharing.
But according to Coburn, a significant obstacle to advancing information-sharing proposals remains from the business perspective, as well.
"I'll speak to the issue that nobody wants [to] directly speak to, is the reason a bill didn't go through the Senate is because there's a disagreement on the liability protections for business and industry when they share their information to protect them against frivolous lawsuits," he says.
Coburn explains that in a series of classified cybersecurity hearings members of the homeland security committee have convened, Obama administration officials have agreed that liability protections are a major obstacle for the information-sharing component of cybersecurity legislation.
"There hadn't been one person who's testified -- all administrative witnesses, all administration -- who don't agree that those protections are going to have to be there for us to accomplish what we need to do for our country," he says.
Even if lawmakers can strike a balance on the information-sharing dimension of the cybersecurity question, a narrow bill focused only on that issue would be "wholly insufficient" to meet the threats, according to Rockefeller. Moving ahead in a piecemeal approach, he argues, would ignore the political reality that there is a limited window for enacting reform in a complex arena such as cybersecurity, which, he points out, lawmakers have been working on for years.
"I don't think that's a wise, useful or constructive approach to the kind of bill that we can't really come back to every year," says Rockefeller, who has announced that he will retire from the Senate rather than seek reelection in 2014.
Napolitano reaffirmed the Obama administration's commitment to a comprehensive bill that would include, but hardly be limited to, information-sharing provisions.
"Information sharing is very, very important," she says. "Real-time information sharing is critical, but it is not the only concern that we have in this arena."
Sign up for CIO Asia eNewsletters.