Two Cyber Czars for the Price of OneBill Goes Beyond Ban of Internet Kill Switch Use
And, among the bill's most intriguing offerings is the creation of two cybersecurity czars.
The ideas in S. 413 aren't new; they appeared in similar legislation sponsored last year (see Senators Unveil Long-Awaited Cybersecurity Bill) by the same lawmakers: Committee Chairman Joseph Lieberman, ID-Conn.; ranking member Susan Collins, R-Maine; and Thomas Carper, D-Del., who chairs the panel's subcommittee with government IT security oversight. That bill never came up for a vote.
What's mostly being ignored about the bipartisan Cybersecurity and Internet Freedom Act of 2011 is that the bill basically would rejigger the way the federal government governs IT security.
In many ways, S. 413 is a compromise. Some lawmakers want IT security authority vested in a White House cybersecurity director, a post that would have more clout than that given White House Cybersecurity Coordinator Howard Schmidt. Others, such as Collins, feel IT security - at least for civilian agencies - should be governed from the Department of Homeland Security (see Collins: Put Cyber "Czar" in DHS).
The new bill offers both; in a sense, it creates two cybersecurity czars, a term the Obama administration abhors. Simply, the White House job would focus on the nation's IT security strategy while the DHS position would be more tactical, handling day-to-day IT protection.
The legislation would create in the White House the Office of Cyberspace Protection, headed by a Senate-confirmed director, who would, according the bill's language, "oversee, coordinate and integrate all policies and activities of the federal government across all instruments of national power relating to ensuring the security and resiliency of cyberspace."
Besides being the president's principal cybersecurity advisor, the cyberspace protection director would oversee the nation's cyberspace strategy, resolve disputes among agencies on the strategy, recommend steps the Office of Management and Budget can take to safeguard government IT, assure compliance by agencies to National Institute of Standards and Technology guidance and recommend changes to agencies budgets to meet their IT security responsibilities.
The bill, if enacted, would establish a National Center for Cybersecurity and Communications at DHS, that like Office of Cyberspace Protection, would be headed by a Senate-confirmed director. The NCCC would oversee the United States Computer Emergency Response Team, known as U.S.-CERT, and lead federal efforts to protect public and private sector cyber and communications networks.
The NCCC director also would advise the president and serve as the primary IT security counselor to the DHS secretary. The director would be assisted by two deputy directors, one named by the DHS secretary to help administer the center and another, to be recommended by the director of national intelligence, to be a liaison with the intelligence community.
Last year, the Obama administration did not embrace the bill; it wasn't enthusiastic about sending its top cybersecurity adviser to Capitol Hill testify. Holding a non-Senate-confirmable post, executive privilege shields Schmidt from testifying. Let's see if the White House raises some ruckus over the new bill.