Calls for Senate-confirmed cyber official revived
Monday - 7/11/2011, 8:06am EDT
By Jason Miller
Federal News Radio
House lawmakers are renewing their call for a Senate-confirmed White House official to be in charge of civilian agency cybersecurity policy.
The Obama administration's legislative cybersecurity proposal did not include such a position despite strong support from both chambers of Congress. Instead, the White House's bill gives the Homeland Security Department the operational and policy responsibilities while the Office of Management and Budget retains the budget authority.
"There are several provisions in the administration's proposal I would like to see strengthened," said Rep. Elijah Cummings (D-Md.), ranking member of the committee. "First, I hope we will consider the creation of a Senate-confirmable official with authority to set administrationwide cybersecurity policy. It is important that the official responsible for implementing the Federal Information Security Management Act (FISMA) have the authority to task all civilian departments and agencies with implementation of the federal security standards."
Rep. Jim Langevin (D-R.I.) echoed Cummings on this issue.
Langevin, who introduced bills over the last two years to create this position and update FISMA, said current cyber coordinator Howard Schmidt doesn't have the right authorities. Langevin praised Schmidt for the job he is doing.
"We need a strong director's position in the Executive Office of the President that is charged with protecting our federal cyber networks," he said. "I want to see that position strengthened and I want to see it be a Senate-confirmed position with strong authorities."
Langevin said the White House official would have a top-line view of all cyber efforts across the government. Currently, neither Schmidt nor DHS has that ability.
"Just last year the White House moved further away from this model by moving OMB's oversight for federal security to DHS," he said. "While DHS clearly has the operational lead for protecting the .gov network, what authority do they have to oversee agency budgets and actually compel these important technical challenges be addressed? OMB could do it, but does DHS have that sufficient authority? I really question that."
OMB gave DHS more authority in July 2010 over all civilian agency networks, FISMA implementation and other operational elements.
Greg Schaffer, the acting deputy undersecretary for the National Protection and Programs Directorate at DHS, said OMB retains the budget authority to be the enforcement entity.
"The legislative proposal would consolidate the oversight responsibility with the operational responsibility that we have and move things in the direction that we would be given the authority to direct departments and agencies to take action to improve their security and deploy appropriate protections," he said.
But Langevin, Cummings and others said this setup isn't enough.
In fact, one of the major Senate cyber bills, sponsored by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), would create a Senate-confirmed cyberspace policy director in the White House.
The White House proposal is not a bill yet, but should one come to the House floor without the requirement for a Senate-confirmed cyberspace director, Langevin wouldn't hesitate to introduce an amendment.
"I'm hoping that ultimately the legislation proposed in the last Congress, which was passed as part of the National Defense authorization bill, including stronger authorities for the cyber coordinator, which would be a director's position, Senate-confirmed and stronger authorities, I want to see that legislation passed," he said. "If there is another vehicle for adding a Senate-confirmed position with strengthened authorities, I would certainly consider that."
The Senate-confirmed White House official was one of two areas committee members focused on that were not in the administration's proposal.
Rep. Jason Chaffetz pressed Schaffer on the security of commercial hardware and software, and whether there have been instances of developers planting malicious code in the technologies.
Schaffer said he's aware of instances where this has happened.
"This is one of the most complicated and difficult challenges we have," he said. "The range of issues goes to the fact that there are foreign components in many U.S. manufactured devices. There's a task force that DHS and DoD co-chair to look at these issues with goals to identify short term mitigation strategies and also to make sure we have capability to maintain U.S. manufacturing capabilities over the long term."
Chaffetz said the concern is the agencies and the public don't know foreign developers are planting viruses and backdoors into software and hardware, and the government already has felt the effect of these attacks.