The Public Eye with Eric Chabrow

Two Cyber Czars for the Price of One

Bill Goes Beyond Ban of Internet Kill Switch Use
Two Cyber Czars for the Price of One

The ruckus in the mainstream media and blogosphere over new cybersecurity legislation has focused on a provision to ban the president from throwing the so-called called Internet kill switch. But what's mostly being ignored about the bipartisan Cybersecurity and Internet Freedom Act of 2011 - introduced last week by the leaders of the Senate Homeland Security and Governmental Affairs Committee (see Senate Bill Eyes Cybersecurity Reform) - is that the bill basically would rejigger the way the federal government governs IT security.

And, among the bill's most intriguing offerings is the creation of two cybersecurity czars.

The ideas in S. 413 aren't new; they appeared in similar legislation sponsored last year (see Senators Unveil Long-Awaited Cybersecurity Bill) by the same lawmakers: Committee Chairman Joseph Lieberman, ID-Conn.; ranking member Susan Collins, R-Maine; and Thomas Carper, D-Del., who chairs the panel's subcommittee with government IT security oversight. That bill never came up for a vote.

In many ways, S. 413 is a compromise. Some lawmakers want IT security authority vested in a White House cybersecurity director, a post that would have more clout than that given White House Cybersecurity Coordinator Howard Schmidt. Others, such as Collins, feel IT security - at least for civilian agencies - should be governed from the Department of Homeland Security (see Collins: Put Cyber "Czar" in DHS).

The new bill offers both; in a sense, it creates two cybersecurity czars, a term the Obama administration abhors. Simply, the White House job would focus on the nation's IT security strategy while the DHS position would be more tactical, handling day-to-day IT protection.

The legislation would create in the White House the Office of Cyberspace Protection, headed by a Senate-confirmed director, who would, according the bill's language, "oversee, coordinate and integrate all policies and activities of the federal government across all instruments of national power relating to ensuring the security and resiliency of cyberspace."

Besides being the president's principal cybersecurity advisor, the cyberspace protection director would oversee the nation's cyberspace strategy, resolve disputes among agencies on the strategy, recommend steps the Office of Management and Budget can take to safeguard government IT, assure compliance by agencies to National Institute of Standards and Technology guidance and recommend changes to agencies budgets to meet their IT security responsibilities.

The bill, if enacted, would establish a National Center for Cybersecurity and Communications at DHS, that like Office of Cyberspace Protection, would be headed by a Senate-confirmed director. The NCCC would oversee the United States Computer Emergency Response Team, known as U.S.-CERT, and lead federal efforts to protect public and private sector cyber and communications networks.

The NCCC director also would advise the president and serve as the primary IT security counselor to the DHS secretary. The director would be assisted by two deputy directors, one named by the DHS secretary to help administer the center and another, to be recommended by the director of national intelligence, to be a liaison with the intelligence community.

Last year, the Obama administration did not embrace the bill; it wasn't enthusiastic about sending its top cybersecurity adviser to Capitol Hill testify. Holding a non-Senate-confirmable post, executive privilege shields Schmidt from testifying. Let's see if the White House raises some ruckus over the new bill.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.