Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
White House draft bill expands DHS cyber responsibilities
Thursday - 4/14/2011, 6:08pm EDT
By Jason Miller
Federal News Radio
Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.
The proposal would codify much of the administration's memo from July 2010 expanding DHS's cyber responsibilities for civilian networks.
The White House, however, is taking those responsibilities further, according to a source familiar with the document. The administration drafted a legislative proposal to give DHS many, if not all, of the same authorities for the .gov networks that the Defense Department has for the .mil networks.
Federal News Radio recently viewed a draft copy of the legislative proposal.
"I have to question why the Executive branch is writing legislation," said the source, who requested anonymity because they were not authorized to talk about it. "This is not a proposal or white paper like the White House usually sends to Capitol Hill. This is the actual legislation."
The source said the 100-page document is going through interagency review. DHS sent the document around to agencies late last Friday and asked for comments by Monday. The source said few agencies had time to take a hard look at the document, especially in light of the possible government shutdown.
Sources on Capitol Hill and in government confirmed the White House is working on such a proposal.
A DHS spokesman said the agency doesn't comment on pending legislation.
Incorporates Senate cyber bill, OMB memo
The bill would bring together legislative proposals by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), as well as Office of Management and Budget's memo from July 2010 expanding DHS's authorities.
"The cybersecurity legislation being developed in Congress is a large, complex bill with wide-ranging implications, and several Senate committees are involved in its drafting," said committee spokeswoman Leslie Phillips. "The two primary committees of jurisdiction - Homeland Security and Commerce - completed the bulk of their work last August and ironed out several remaining differences by the end of March this year. However, other committees and the White House are critical to the completion of this bill."
In a statement, Lieberman said, "We have been waiting with great anticipation for the White House to weigh in on the best way to protect the American people from catastrophic cyber attacks. If the White House is on the same path we're on, the Senate should be able to approve comprehensive cybersecurity legislation this year."
Collins said in a floor statement in February about the new bill that the legislation would make DHS a strong partner in the process of securing agency networks, but the White House will be the central point for all cybersecurity across the government.
The Lieberman, Collins and Carper bill would establish a National Center for Cybersecurity and Communications in DHS.
"It would be located within the Department of Homeland Security to elevate and strengthen the Department's cyber security capabilities and authorities," Collins said. "This Center also would be led by a Senate-confirmed director. The Cyber Center, anchored at DHS, will close the coordination gaps that currently exist in our disjointed federal cyber security efforts. For day-to-day operations, the Center would use the resources of DHS, and the Center Director would report directly to the Secretary of Homeland Security. On interagency matters related to the security of federal networks, the director would regularly advise the President - a relationship similar to the director of the National Counterterrorism Center on counterterrorism matters or the chairman of the Joint Chiefs of Staff on military issues. These dual relationships would give the director sufficient rank and stature to interact effectively with the heads of other departments and agencies, and with the private sector."
A second source said the proposal also gives DHS much of the Federal Information Security Management Act (FISMA) authorities that currently fall under OMB, such as policy development and issuance, and the creation of performance measures, guidelines and training.
The first source said the proposal actually goes further than previous bills and memos. The source said the DHS secretary would have broad authorities and oversight responsibilities similar to what Gen. Keith Alexander has with DoD's U.S. Cyber Command.
DHS oversees all civilian cybersecurity
The bill authorizes DHS, in coordination with OMB, "to exercise primary responsibility of operational aspects of IT security in agencies" that is consistent with OMB guidance. The DHS secretary "shall oversee agency security implementations, the implementation of policies" and compliance with policy and regulatory requirements.
DHS and OMB also would issue "compulsory and binding directives" oversee the implementation of agency information security policies, review agency information security programs, designate a person to receive information on security threats and issues and address incident response.